Recently in Information Security Category

Will 2012 be the Year that convergence finally happens?


The rise of the smart-phone as the global social networking and on-line browsing device of choice has expedited the convergence of fixed and mobile communications into "ubiquitous broadband" - even in the UK (which went from leader to laggard during the dead-end decade of local loop unbundling). Hence the driving force behind deals which upstage BDUK Broadband policy, like that of O2 and Kensington and Westminster, in much the same way that BSkyB upstaged IBA Satellite policy two decades ago.

Meanwhile the fragmentation of debate over privacy, surveillance, on-line safety and cyberwarfare continues to complicate the spread of cost-effective information security by design - as opposed to coating that which is inherently insecure with layers of expensive and ineffectual scareware. Will that change as more businesses realise that using the identity chips already embedded in PCs and mobile phones enables identification of the physical device with which they are communicating? The routines are not totally spoof-proof (nothing ever is), but they do enable better, faster, less obtrusive security at lower cost. They also restrict anonymity to those willing to pay for the privilege. I look forward to seeing a converged debate flushing out the hidden agendas of those who wish to see this happen, those who do not, those who wish us all to be uniquely identifiable and those who wish to have multiple on-line personas with different attributes which they can manage separately.

Do the recent riots make a new business case for Cloud computing?


In his blog on the impact or otherwise of the recent Cloud outages caused by lightning strikes in Ireland, Cliff Saran points out the small size of one of the best known Cloud operations - selling surplus capacity on a global on-line retail operation. I have blogged before on the amorphous nature of Cloud computing and the way it is used to embrace almost anything from a repackaging of the operations that EDS (now part of HP) and IBM have been running for the US Department of Defence for over 40 years to an on-line test environment.

The torching of businesses over the last few days by the rioters who looted them has opened up a new business case for the on-line, off-site, data back-up that is an integral feature of cloud computing. I had thought the torching was to destroy the evidence (including locally stored surveillance video) but it now appears it was also an anarchic revenge on all who had refused them jobs and "respect".

Either way, whether the smoking heap of wreckage was a small business in a city centre, a superstore in a retail park or a national distribution depot for consumer goods, the case for having off-site processing and data storage has suddenly become much stronger. But the vulnerabilities of data centres to power problems and of communications networks to similar disruption (including lightning strikes and cable theft) also need much greater attention.

Hence the importance of the Information Society Alliance (EURIM) work on Shared Infrastructure issues as part of the policy study on Opening Britain for On-line Business. I am particularly glad that one of the main UK suppliers of Cloud Computing has just volunteered to help lead the work on the inter-operability interfaces needed to help support resilient and secure services, with fewer of the vulnerabilities than other parts of the world.

From Wild West to Western Front : the evolution of Cybersecurity


"The Internet used to be compared to the Wild West, the lawless frontier; now it is more like the Western Front, a massive, unrestricted battlefield. Geopolitics is putting your data in the firing line." So concludes an article by Allan Dyer of Yui Kee Computing in the IMIS Journal. On Thursday, at the ISSA UK Chapter and I heard several presentations on what is currently happening (and what is expected to happen). One summarised a PWC study report. Another summarised the report of an ISSA Advisory Board brainstorming. Until yesterday I would have said they were both excellent. I took part in both the PWC study and the ISSA brainstorming. Then I read Allan's article. It reminded me that we in the West are at the Far End of the world from where the future is being forged. [double entendre intended].

 

Freedom of Information (and Wikileaks) v. Censorship (and Established Power)


The reaction to the Wikileaks story exposes the heady mixture of self-delusion that passes for debate on freedom of information, transparency of government, re-use of public information, secure data sharing, data protection, information assurance, information security, information risk management and even net neutrality. I am waiting for the rumours that Wikileaks was assisted by the Chinese, Indian or Israeli governments - or a coalition of all three. It was also an accident waiting to happen, given the US approach to "secure information sharing" after 9/11.

Should you have a choice whether your personal information is sent offshore?

The revelation that NHS trusts are routinely sending personal records for processing in a nation with no data protection legislation reminds me of when a former Inland Revenue CIO suggested (at a PITCOM meeting) that it be made a criminal offence to send data collected under statutory powers off-shore for processing. He had discovered that, despite a prohibition in the contract, one of their suppliers had sent a file containing current records to the USA for testing they had been told was being done in the UK. 

But it wasn't me who asked for my benefit to be paid into Megabank


The Government plans for us all to have personal web-access to their on-line services inside four years, as described in the Times today, are as "ambitious" and challenging as they are overdue. If they are serious about socially inclusive delivery the first step must be to ensure that the "Digital Gateway Offices" have on-line access that is fit for a sub-postmistress to access on behalf of a queue of frail pensioners. The second is to ensure that all involved (including contractors in the supply and support chains) are vetted and subject to personal liabilities for carelessness and indiscretion, let alone active misconduct, that are at least as strong as for those who run a sub-post-office.

Long live the database state

The FIPR Alerts service has just drawn my attention to an excellent article in Prospect headlined: "Long live the database state: smarter use of public service statistics can save lives as well as money. But anxious civil libertarians want to stop the state sharing our personal records. They must not succeed."

Who "owns" your identity and your personal data?

HMG appears about to admit that federated identity management is inevitable, if only because none of the tribes of Whitehall can agree to use a system controlled by another tribe. Meanwhile "It's Ours: why we, not the government, must own our own data", an excellent paper from the Centre for Policy Studies, has moved the debate on.

How does the cookie crumble? Whose spyware is acceptable?


What is the difference between Larry Page's claim that making Google wipe data after six months would hit Flu Protection and a Ministerial claim that spending umpty £billion on data retention and Interception Modernisation would help the "War Against Terror"? This morning I also received an eloquent lawyer's plea: "Please kill this cookie monster to save Europe's websites".

Surgery for the rotten heart of the Internet?

Today was the deadline for comment on the ICANN consultation on the Initial Report on Fast Flux Hosting. This is the "technology" used by spammers, phishers, botnet herders, denial of service extortionists and cyberwarfare practitioners around the world. It also has some, but not that many and decreasing, legitimate uses. ICANN meets in London next week to discuss what comes next.
