Application Security welcomes proposal to secure government data at source.
Application Security (published 23/11/2007)
Securing sensitive data at its source rather than relying on downstream security processes or audit trails is a concept advocated by Application Security who supports the UK Government’s move towards this technique.
Application Security welcomes Gordon Brown’s proposed review of data security in government departments.
George Fyffe, European Director explained why Application Security Inc welcomed the review: “We advocate securing data at its source – the database. It is unacceptable to have procedures which can be by-passed by any official (deliberately or otherwise). Depending on staff adhering to manual procedures will never be adequate. Equally, it is not acceptable simply to keep audit logs that can tell us what happened after the event. This is where software needs to be used to provide security in depth.”
He continued: “Whenever highly sensitive data gets into the wrong hands, it’s a dangerous proposition on multiple levels, with a potential global impact. For those reasons we support the government’s plans to review data security and we would call for measures and checks to be an integral part of the system design. We are all now well aware of the recent loss of 25 million child benefit records, but the full impact of that loss and system failure might not be felt for months or even years. But if HMRC had designed a system with adequate database procedures and security, then perhaps this catastrophe could have been avoided.”
George Fyffe concluded, “Our work with other UK government departments tells us that best case practice does exist within the government and we would hope that would be shared and showcased for the others to learn. This is where joined-up government begins; all government departments need to apply database security best practice.”
