2011 – The Insecure Web

On a personal level, I’m very concerned about online security and privacy. 

From a commercial perspective, brand leaders are faced with a completely new challenge – how to adequately protect their clients’ data (though I guess many will sidestep the issues by taking no responsibility through privacy and data protection clauses).

Looking globally at the issues of online security, no website or public IP network, including cloud technology, is safe – government, private or commercial!

With the recent changes to IP Addressing, whole new networks in public buildings, homes and businesses worldwide become open to hacking events for electrical items – imagine a country hacking the UK Electricity grid and shutting down businesses and street lighting etc.

I’ve worked in the IT industry for over 15 years as a Professional IT Consultant working with multi-national groups, SMEs and sole traders too, and never before have I been so concerned about the need to protect online data.

A number of years ago, I was commissioned to provide SOX (Sarbanes Oxley) consultancy work for 2 major UK-based aerospace manufacturing companies, and at the very heart of the policy models we developed was the cost, integrity, IP and the importance of data.

Every aspect of the SOX model worked towards ensuring that the core data was available, accessible by layers and key-holders and was recoverable. In a typical network infrastructure, if hardware fails it can be replaced, if software fails it can be re-installed, but if data is corrupted, stolen or unavailable the cost to the business is significant and in some cases devastating! I have witnessed first-hand over 100 PCs taken down by a virus in under 5 minutes – and every machine had to be rebuilt from scratch – in that particular instance the business could not function on paper!

All the man hours of a work force, over the entire history of every business, have contributed to creating that living, evolving data set – knowledge, experience, ideas, concepts, facts, figures, strategies, plans, goals, suppliers, costings, profit, salaries, staff records – everything is wrapped up in this highly valuable knowledge library. This is the core asset of any business; if your building is set alight and you have the contingency to move your dataset, you can trade another day.

According to the VP of McAfee, global cyber attacks recently have been identified as possibly at a state level, where one country is deliberately stealing data for commercial and political gain. That’s some statement! It’s pretty frightening that this is the new era we live in, but I’m personally more concerned about the weakness of infrastructure that we use on the Internet.

But let’s move away from the fears and concerns and look closely at the solutions we need to adopt.

First is the way data is transferred across the Internet – web and email – all of this simply needs to be delivered via encrypted tunnels – that’s a very simple way for industry to start offering a greater degree of protection and privacy of the data that moves across the web.

Second is the web browser client / server model – this is the biggest flaw we have in the technology. It has had significant advantages too in that it has become an ideal vehicle in which information from one site to another can be replicated, but we’re moving away from the phase of significant growth on the Internet, into what will become a more stable plateau of operating – whereby we improve the quality of what we have created thus far and copyright & IP ownership is upheld.

We need changes so that…

  1. Every website cannot be decoded by others – prevent viewable source code
  2. Every browser runs an encrypted session to a verified DNS server
  3. Each website is coded in a unique way
  4. There are tough penalties to deter hacking even at the script kiddie level
  5. Bring more people into core open source projects rather than spreading resource thinly and leaving security as a post hack consideration
  6. Every email is sent encrypted and verified by DNS having originated from a trusted source using certificate services for email clients
  7. The DPA shifts more onus and responsibility into the hands of organisations to use robust security models or get fined!
  8. Every e-commerce or data portal has a unique security configuration – by that I mean that software offers the variables on how the security infrastructure is modelled, so that hackers find it impossible to second guess what they are attacking

Knowing where we are today, and with the introduction of facial identification software being able to scan photos in Facebook, I’m opting out of using my real name and identity in all social networks and I advise you and your loved ones to do the same, until such time as the technology provides the protection we all require and deserve.
