
Removing employee responsibility from the data security loop

Check Point: 24 June, 2009 (Technical Article)
Nick Lowe of Check Point uses a case study involving NHS Blood and Transplant to illustrate the protection of corporate data without impacting employee functions.

Primum non nocere - first, do no harm - is a fundamental principle in healthcare. The same principle should also apply in devising and deploying an IT security solution. While no organisation wants to risk the damaging effects of data losses, the security solution should also not interfere with or hinder users going about their everyday computing tasks. In effect, the security should be delivered as near invisibly as possible, without the user being able to affect it.

The reasoning behind this is simple. If you make security transparent, then it's much more likely that systems and data will stay protected. All too often, data losses and leaks are blamed on individuals downloading sensitive data that they shouldn't have, or failing to protect data on a laptop or USB memory stick. But this thinking diverts attention away from the real problem.

While an individual's actions may have breached security policies, it's unlikely that there was malicious intent involved. The users were just trying to do their job a little quicker, or work a little smarter. Can they really be blamed for that?

I would say the real issue is this. Why was it left up to the individual to decide what data should be protected, and how that protection is applied? Shouldn't the IT department share some responsibility for making security difficult to apply, or for failing to ensure that policies are adhered to by users?

So it's no good playing the blame game. An effective security solution enforces security policies with products, to remove from users the responsibility of deciding what data needs protecting. If the data needs securing as part of a process - such as copying data to a laptop or storage device - it's done automatically, without the individual having to worry about it.

Sounds simple, but how does an organisation go about deploying this kind of data security solution to all its employees? An excellent example is NHS Blood and Transplant.

NHS Blood and Transplant is responsible for collecting, processing, storing and issuing approximately 2.1 million blood donations per year from its 15 blood centres in England and North Wales.

In addition to dealing with blood donations, NHS Blood and Transplant conducts new research into improving the safety of blood and blood products, and the ways they can be used to help save lives. Storing confidential personal data as well as sensitive research data means it is imperative the organization has a fail-safe data security solution in place. Access security to its organ transplant application for staff across the UK is also critical.

NHS Blood and Transplant already had a robust laptop and PC security solution in place. However, they needed to enhance protection for sensitive data to comply with the latest Government directives on data security in the public sector.

Adam Ataar, Network Security & Operations Consultant at NHS Blood and Transplant, said: "Our laptop and PC security was already strong, as we used Check Point's Integrity 6.5 solution for firewalling, intrusion prevention and endpoint policy compliance. However, we needed to deploy full disk encryption and port protection functions to further enhance security. And with 1,000 laptops and 500 desktop PCs across the UK, the solution had to be easy to manage, without adding complexity either for users or the IT team."

Following an evaluation of solutions from several vendors, NHS Blood and Transplant chose to deploy Check Point Endpoint Security. This is the first single agent for total endpoint security that combines the highest-rated firewall, network access control, program control, antivirus, anti-spyware, data security and remote access.

Designed to protect company laptops and PCs against malware, data loss, and other threats while enabling secure remote access to the corporate network, the solution was chosen for its ability to deliver comprehensive security in a single software agent that is easily deployed and managed from a single console.

Endpoint Security has enabled NHS Blood and Transplant to further protect the data on its fleet of laptops, desktop PCs and USB storage devices against malware, data loss and theft. Its full-disk encryption feature means NHS Blood and Transplant employees don't have to make any decisions about what data needs protecting.

Adam Ataar said: "Users shouldn't be given the responsibility for deciding what should and should not be encrypted, or to maintain security policies. These policies have to be enforced by solutions, as transparently as possible from the user's viewpoint. That's exactly what the Check Point solution does."

It also gives full control over data written to USB devices and removable media, as well as controlling which types of removable storage devices can be used on the organization's network.

"We use the granular control of Endpoint Security's port protection function. Each member of staff is given their own fully-encrypted 2GB USB drive, and use of all other removable media is blocked. This enables us to keep information flow fully traceable and secure, while enabling users to work efficiently," continued Ataar.

Adam Ataar reports that both deployment and ongoing management have been seamless and easy for users and the IT team. Additionally, by reporting on the security status of each laptop and PC, Endpoint Security also allows any required upgrades or policy issues to be identified and addressed directly by administrators from the central management console.

Another key issue for NHS Blood and Transplant is to protect documents and emails that users are working on when away from the office, without compromising security or usability.

Endpoint Security includes both data security for preventing data loss and theft and a VPN client which provides secure remote access for employees working offsite. This delivers greater flexibility to the organization by allowing employees to work securely online when out of the office, ensuring sensitive data continues to be protected.

In the future, NHS Blood and Transplant plans to migrate its secure remote access to the VPN functionality in Endpoint Security, from the Citrix Access Gateway solution it currently uses. Adam Ataar says this will further simplify security management and deliver long-term savings.

This type of granular control and application of policies ensures that data flows in a traceable and secure manner, while enabling users to work efficiently. It ensures that the security solution truly does no harm.