Credant Technologies says Naval USB stick loss may be final straw for UK government on security practices
December 2009 by Credant Technologies
Media reports that a USB stick containing `restricted’ information on naval manoeuvres and staff across the UK may force the Government into implementing new security practices, predicts Credant Technologies.
“With high capacity USB sticks, capable of storing more data than a DVD, on sale in high street outlets for less than ten pounds, it’s clear that the data genie is now well and truly out of the bottle," said Sean Glynn, product manager with the endpoint security specialist.
"It’s against this backdrop that we think it’s time for the Government to move on from its best practice approach for its many Departments and Agencies on IT security, and make encryption of all private data mandatory," he added.
According to Glynn, with technologies capable of encrypting data – at rest or on the move - in real time, and on a simple desktop or laptop PC, as well as smartphones and other portable devices, the argument that there is no longer a need for this level of security does not apply.
What we are seeing, he explained, is a fundamental shift in people’s attitude towards moving data around, with many more people not thinking twice about porting data from their office PC or laptop to a portable device.
The driving factors in this trend, he went on to explain, are convenience and making life easier for the employee concerned. Security, unfortunately, tends to come second with regard to this trend towards storing data on portable devices and, says Glynn, this is why the Naval USB stick loss - and its eventual offering to a major newspaper, before being handed into the police - may be one incident too far for the Government.
"It’s now two years since the infamous loss of the twin disks containing details of 25 million child benefit claimants (http://bit.ly/4LW870) and things have still not improved," he said.
"Public sector attitudes towards data security must change and the only way to do this is to make data security mandatory in all Government departments and agencies. This latest USB stick incident clearly shows what has to be done," he added.