Power is nothing without control
The evolution of IT infrastructure in the public sector has reached a crossroads, writes Paul Davie
Legislation and the increasing weight of personal information are forcing an increase in the
complexity of the IT systems in public sector organisations.
This potent mixture of external and internal pressure has meant that a new approach to IT system design has been necessary to meet these needs. Consolidation of resources is now the mantra and all those benefits associated with it, such as re-usability, scalability and low cost of ownership, are now standard terms in boardrooms.
The NHS Trusts in the north west of England recently announced they have streamlined document and print management services. However, consolidation does increase the risk and impact of security breaches on centralised systems.
Recent stories about more than 50 NHS staff viewing celebrity patients’ records is one of many examples of how technologies introduced for the greater good, allowing information sharing, are also an Achilles’ heel if they are not properly secured.
Historically, there has been far too much emphasis on encryption and authentication of data at the expense of monitoring what authenticated users are actually doing with the data when they are given access to it. As Pirelli’s mantra goes: power is nothing without control.
The NHS Trusts, like other public sector bodies, need to learn from the commercial world, where it has become accepted that the key to protecting information from internal audiences with inquisitive minds is in securing and monitoring access to the database with the use of more intelligent behavioural analysis technologies.
It is obvious that existing systems will only become heavier with personal information and, therefore, they run the risk of becoming a goldmine for attacks, both from inside and out.
In light of this increasing pressure, resellers and distributors should ready themselves for the opportunity that is presented.
Public bodies need help to streamline their technologies, while protecting their systems from
external and internal threats.
Paul Davie is chief operating officer and founder of Secerno.