About Author
Jericho Forum

The Jericho Forum is an international group of organisations working together to define and promote the solutions surrounding the issue of de-perimeterisation. Members include top IT security officers from multi-national Fortune 500s & entrepreneurial user companies, major security vendors, government, & academics. Working together, members drive approaches and standards for a secure, collaborative online business world.



Data security is not enough - we need provenance too

Just because the 'porn pirates' were on a database does not prove their guilt

Another high-profile data loss story in a long line: this time a law firm collected data on alleged file-sharing media and porn pirates, which was then stolen for all to see.

There are at least two issues here, the first being that the data should have been encrypted, especially as it appears to hold some credit card details, as well as other personally identifiable information.

The second is the validity of the data - how do we know it proves anything about the behaviour of the people registered to the cards?

There have been a number of cases where stolen credit card information and unsecured wireless networks have been used by cyber criminals to download illegal material.

In essence, on the Internet no-one knows if you are who you say you are. It is relatively simple to impersonate other systems and buy other people’s credit card details (including CCVs). A botnet can take over your home or office systems and make them a hub for illegal file sharing and spam, all without you knowing about it… until the police turn up at your door, or the data gets leaked onto the net.

There is a huge need for stronger identity management, authentication, authorisation and data signing, so that data which is out there in the ether can be correctly attributed to the author (or creator of it) - and more importantly, the data which shouldn’t be associated with the alleged author can be quickly dismissed, before damaging reputations.

Data provenance is becoming an issue we all need to be concerned with. For the past two years the Jericho Forum has concentrated on the cloud and secure working in it. While this problem hasn’t been completely solved, there are now a number of initiatives, such as the Cloud Security Alliance and ENISA, which are providing practical guidelines to improve security.

The next big problem the Jericho Forum is working on is identity and access management, which will expand the opportunities for collaboration in the cloud while reducing the risks.

Guy Bunker, Jericho Forum board member

