The National Policing Improvement Agency (NPIA) has officially launched the Police National Database, which allows forces to share locally held intelligence and information on crime. However, given the recent spate of cyber attacks, concerns remain over security.
Ross Parsell, Key Account Director Government and Commercial, Thales e-Security commented, “Any high profile public database is vulnerable to an attempted attack. While the kind of technology being deployed by the NPIA clearly has many benefits, the constantly evolving threat landscape around information security means that organisations need to consider security requirements from the very outset of new projects and initiatives and not as a bolt on or afterthought.
Perimeter based protection is no longer sufficient and a data centric approach is now considered best practice. “Sensitive data should be encrypted at the point it enters a system using techniques that ensure the encryption key used can only be subsequently used to decrypt data for legitimate business transactions and data volumes. Protecting the key and using a key management policy that enforces its use by legitimate applications only and ensuring it cannot be (ab)bused to decrypt large blocks of data is the most effective way to do this.”