Protection of personal data - everybody's talking about it
Following the recent, well-publicised incidents of lost personal information within the public sector, we thought we'd take a look at what can be done to prevent such instances occurring - and how to go about it.
What are the issues?
Making sure that personal and sensitive data remains safe and secure has always posed problems for organisations and businesses. In recent years the increase in mobile workforces has led to the network perimeter being extended beyond the traditional office environment.
Increased storage capacity on USB drives and the growing sales of laptops over desktops mean that more information is carried around by individuals than ever before - and with increased mobility comes increased risk.
Even within the confines of an office, information is not necessarily safe. Data can be stored on servers or laptops, or be in transit from laptop to server or from server to server. In both states information is at risk and there are opportunities for security breaches.
What can be done to reduce risk?
There are a number of ways to help secure information, whether it is in transit, on a laptop being used on a train, or in storage. A combination of encryption, authentication procedures and network protection is vital to protect data.
Passwords
The use of a user name and password is the most common and obvious form of authentication. Passwords should be at least eight characters in length and use a mix of numbers and letters.
Biometric Authentication
There are many devices, both on the market and currently being developed, which incorporate fingerprint authentication. However, a password should also always be used alongside biometric authentication.
Authentication Devices
These physical products plug into a computer and must be presented at the same time as passwords for authentication. They may be small enough to attach to a key ring or embedded in a smart card.
Encryption
Encryption involves the coding of information to keep sensitive and confidential material private. Encrypted documents can only be decoded and read by someone who has the correct decoding key. The process makes the data secure and unreadable unless or until decrypted. Encryption can be implemented on secure websites as well as other media for data transfer and storage.
What encryption?
Some IT hardware already comes with encryption software installed and you can specify that this is required when purchased. However, encryption is not a one size fits all solution and in order to select the most suitable level of security, you will need to consider the following questions:
- What business processes depend on the security and reliability of file transfer?
- What is the file transfer workflow for each identified business process?
- Does your file transfer technology architecture integrate well with your file transfer workflow?
- Who needs access to the information?
- Where is the information stored?
- Do you have to comply with any regulatory, privacy or Service Level Agreement (SLA) requirements?
- Will you need to replicate file transfer services at a disaster recovery site?
- Is file transfer included in your business continuity plan?
- What would be the impact to your business should information be lost or stolen?
How will data encryption affect my day-to-day working?
There are often additional username and password stages to go through while accessing the hardware device (i.e. PC or laptop) after encryption software is installed. In some instances, you may be required to re-enter the username and password if the device is left idle for a period of time. You will still be able to load data from emails, CDs or DVDs but you will not be able to use removable data storage, such as USB devices, unless they too have been encrypted.
Where can I get the necessary equipment and find more information?
Computers and laptops can be purchased with data encryption already installed from our Client Devices framework agreement.
Data encryption software can be purchased from the Buying Solutions Software (Network Software, Security and Maintenance) framework agreement.
In addition, Buying Solutions has specific framework agreements entitled ICT Security & Delivery Services.
For further advice regarding the procurement of data encryption equipment, please contact the Buying Solutions Customer Service Desk on 0345 410 2222.