- CNET NETWORKS UK BUSINESS SITES:
- atlarge.com
- BNET UK
- silicon.com
- SmartPlanet.com
- ZDNet.co.uk
CIO Jury: People and processes more important
By Andy McCue
Published: 7 December 2007 14:00 GMT
Policies, processes and a "corporate ethos" of care of data are more important in securing sensitive information than using encryption technology.
Encryption has been back in the spotlight following the HM Revenue & Customs data breach that led to two CDs containing unencrypted records of 25 million people on the child benefit database getting lost in the post.
-- James Findlay, head of ICT, Maritime & Coastguard Agency
But two-thirds of silicon.com's 12-strong CIO Jury IT user panel said technologies such as encryption need to be part of a more holistic approach to security that includes training for staff and strict enforcement of policies.
Nic Evans, European IT director for Key Equipment Finance, said: "More important is a corporate ethos of care of such data."
Encryption on its own can give a false sense of security, according to Florentin Albu, ICT manager for the European Organisation for the Exploitation of Meteorological Satellites (EUMETSAT).
He said: "However, when used in the context of an information management/information security framework, it can become an effective way to mitigate certain corporate data risks. Even so, it would be just one piece of the jigsaw - you need to combine it with other technologies (authentication, authorisation, etc) and information management practices (data classification, data handling, etc) in order to become effective."
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
Even with encryption technology there are weaknesses that could lead to data being compromised. Steve Clarke, director of systems and operations, AOL Broadband, said: "Encrypted data still needs to be viewed, which means it must be unencrypted - giving rise to opportunities to store the data without its encryption. By implementing policy, processes, appropriate training and rigorous enforcement our data stands a chance of remaining secure, but encryption alone is not the panacea."
James Findlay, head of ICT for the Maritime & Coastguard Agency, said: "Encryption only forms part of the solution. Organisations must have robust policies and processes in place to ensure the integrity of both data and systems."
Another survey by security company CheckPoint found just under half of IT chiefs have deployed encryption within their organisations.
But those in favour of greater use of encryption to secure data include Graham Yellowley, director of technology services for investment bank Mitsubishi UFJ Securities International.
He said: "This is a minimum requirement for securing any data, whether this be for internal or external dissemination. Encryption strength needs to be considered with at least 256 bit key encryption for real security."
Richard Steel, CIO for the London Borough of Newham, added encryption should be used "where the data must be mobile and combined with two-factor authenticated access".
Today's CIO Jury was…
Florentin Albu, ICT manager, EUMETSAT
Alastair Behenna, CIO, Harvey Nash
Mike Buck, architecture manager, Yorkshire Water
Steve Clarke, director of systems and operations, AOL Broadband
Nic Evans, European IT director for Key Equipment Finance
James Findlay, head of ICT for the Maritime & Coastguard Agency
Neil Harvey, head of ICT, Food Standards Agency
Jane Kimberlin, IT director for Domino's Pizza Group
Jacques Rene, CTO, Ascend
Richard Steel, CIO, London Borough of Newham
Richard Storey, head of IT, Guy's and St Thomas' NHS Foundation Trust
Graham Yellowley, director of technology services, Mitsubishi UFJ Securities International
Want to be part of silicon.com's CIO Jury and have your say on the hot issues for IT departments? If you are a CIO, CTO, IT director or equivalent at a large or small company in the private or public sector and you want to be part of silicon.com's CIO Jury pool, or you know an IT chief who should be, then drop us a line at editorial@silicon.com
I agree with almost all of the article but encrypt...
Andy Lankester
This title 'Encryption not the key to data securit...
James Robertson
If the data is encrypted, you can control access t...
Graham Coles
Obviously encryption will help.
However, I thin...
Sarah
excelent title!
paul m
Encryption is a tool not a strategy. You wouldn't ...
Peter Gilford
Encryption provides confidentiality and integrity ...
Meths Cebrian Ferrer
The McCue Interview: Martin Taylor, group CIO, LCH.Clearnet
On saving lives and IT departments…
The McCue Interview: Robin Dargue, Group CIO, Royal Mail
The high-flying CIO on transformation and learning curves
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
The silicon.com CIO Jury provides one of the most influential voices in the IT industry, consisting of a fast-growing pool of senior business decision makers from some of the largest, most innovative companies in the UK. Increasingly recognised as both a barometer and catalyst for change within the IT industry the CIO Jury is the place to be if you are a leader rather than a follower.
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
RSS Feeds
Steve Ranger Editor's Blog: Back to the future What will remain of today's technology in 100 years?
Ged Keogh-Peters Take stock for tough times Opinion: Even with falling sales, innovation creates an edge