Dan Davies 13 April 2018

Cyber security: challenging the old way of doing things

Cyber security: challenging the old way of doing things image

Data security is a big concern but many local government organisations continue to rely on centralised data systems that are vulnerable to attack. As long-term efficiency measures continue to erode spending, can a complete shift in approach help those in local government square the circle and provide necessary security with a cost saving alternative?

For years, organisations have trusted in systems where data is put in one place and they trust the system will keep the data safe. Admittedly, these centralised systems are very sophisticated using a server or data centre, or the ‘cloud’.

They also have the ability to hold thousands if not millions of accounts and files with sensitive data such as confidential organisational and customer/financial/employee information. These centralised systems have been the paradigm for many years.

By its very nature, the centralised client-server model makes it an attractive target to attack. A successful data breach requires just one single point of failure. This Achilles’ heel makes the systems easy targets for malicious breaches like the NHS ransomware attack. The recent scandal to hit Facebook concerning sensitive data being unwittingly divulged to third parties serves only to highlight the firefighting many organisations face in order to manage and protect data.

What then follows, when a breach occurs, is a cycle of behaviour that never really resolves the issue: patch it up, it breaks, patch it up and it breaks again. Organisations get called to account with nasty letters from the Information Commissioner or perhaps they get dragged in front of parliament or a group of MPs to answer for the breach, and the threat of hefty fines. Lots of head-nodding, and lots of ‘sorry, this won’t happen again’ and promises of better training and better security.

But 'sticking plaster' IT security strategies on large scale networks mean data breaches will remain a constant challenge because fundamentally the underlying system doesn’t change. Rather than trying to patch up a bad system, what if there is an alternative which has no single central point of failure and can spread the risk by 'spreading' the data?

Decentralised peer-to-peer systems have been around for a while but they have an increasing relevance as large scale data breaches become more commonplace. The technology offers an alternative way of approaching data security by turning the current paradigm on its head.

Using a decentralised or ‘peer-to-peer’ communication system means data doesn’t sit in one place and, therefore, greatly reduces a system’s vulnerability to a single attack that could unlock the whole system.

Decentralised, peer-to-peer systems spread segments of data across a number of machines (10s, 100s, 1000s). The individual data fragments are meaningless on their own so, even if an attack did take place, the data obtained would be worthless and the impact of that attack significantly reduced.

In simplistic terms, decentralised computing works by using millions of ‘boxes’ all holding just part of the data, not all of it in its entirety. These boxes are ‘stored’ in millions of locations. So, if an attacker wants to steal the confidential data it’s got to locate and unlock millions of boxes to try to piece the encrypted data together. It’s too difficult, and why would they when they can attack another organisation which uses a centralised system with only one point of attack and not millions?

For organisations hit by budgetary constraints, the decentralised model costs much less than the existing model as there is no need for data servers, ‘middle men’ or thousands of back office engineers to repair and manage security updates.

Peer-to-peer systems are also incredibly scalable, making them a practical and cost-effective option for local government organisations working with thousands or millions of data files.

Although not a silver bullet for every organisation, it can offer an improved solution to the threat of data security for those with responsibility for holding and protecting sensitive data.

Peer-to-peer systems have a wide variety of applications. For those driving change at a local government level, strategies such as Smart Cities and operators of critical services, it can offer a solution for improved security and privacy.

At a time when local government is under long term pressure to deliver value with restricted budgets, those responsible for IT security should think outside the box. Think about millions of boxes to hold data and think of a decentralised way of improving security that can also deliver financial savings.

Dan Davies is the business development director of Zovolt Ltd responsible for Streembit™

Redefining the shape of local government image

Redefining the shape of local government

With the new authorities of East Suffolk and West Suffolk launching from next month, what final hurdles do the councils face in coming together? Neil Merrick reports.
Understanding chatbots image

Understanding chatbots

Julian Mead calls for an open and informed discussion around the use of chatbots in local government.
Highways jobs

Change Lead, Adult Social Care & Health

London Borough of Bexley
£41,205 - £48,069
We are currently seeking an experienced Change Lead to work on our Adult Social Care Services’ transformation programme. Bexleyheath, London (Greater)
Recuriter: London Borough of Bexley

Deputy Team Manager

Brent Council
£41,847 - £44,691 p.a. inc.
An exciting opportunity has arisen in the Hospital Discharge Team (HDT) for an experienced Social Worker. Wembley, London (Greater)
Recuriter: Brent Council

Highways Estimator

Competitive Salary
As the Highways Estimator you will join a busy environment and become an integral part of the team. Hounslow (London Borough), London (Greater)
Recuriter: Ringway

Joint Strategic Director of Commissioning 

West Sussex County Council
circa £130,000 per annum
The post holder will be able to demonstrate an understanding and embrace the opportunity to address the health... West Sussex
Recuriter: West Sussex County Council

Head of Lifelong Services

West Sussex County Council
up to £85,000 per annum
The Head of Lifelong Services will lead and deliver a new, co-produced, integrated and whole life approach and service working with people... West Sussex
Recuriter: West Sussex County Council

Local Government News

Latest issue - Local Goverrnemnt News

The December issue of Local Government News looks at the consequences a council may face if it is unable to provide statutory services, the launch of Liverpool’s housing company and how councils can best manage roles in local authority companies.

It also has a special section on green building and energy efficiency including what funding is available to enable councils to deliver heat networks and how councils can pay for ‘smart buildings’.

Register for your free magazine