The right data control technology is crucial in preventing data losses on USB sticks and CDs, IT industry pundits have said, following the government's announcement it had lost the details of 84,000 prisoners.
The government does not put enough emphasis on technology, often stopping at policy-making when it comes to data control, said Eric Domage, manager of western European security research at analyst house IDC.
“The government faces fire, so it introduces policy,” he said. “They’ve long understood the risks but they don’t understand their dependence on getting the technology right.”
Encryption, when used, is “strong and difficult to crack”, he said. But encryption is only “the minimum of security”, he added. Data leakage prevention software should be installed across government to properly control the flow of data.
“All the big security vendors offer this, including Websense, Symantec and McAfee,” he said. “You can set a policy, then the system scans all your files and watermarks each as ‘no copy’, ‘no forwarding’, or ‘no print’, for example.” This then directly prevents those actions from happening, he said.
Thomas Raschke, senior analyst at Forrester, agreed that data leakage prevention and encryption are crucial. But he said the government's understanding of data security still needed to be improved first.
“Most people have little understanding of what data they have, how important it is, where it sits and where it travels,” he said. “You need to look at the different data types and assess how critical they are, so that you can apply the technology.”
There should be more collaboration between risk managers and IT managers, Raschke said, adding: “If you look at who is able to define the sensitive data, these people are typically not in IT.”