Dan Davies 13 April 2018

Cyber security: challenging the old way of doing things

Cyber security: challenging the old way of doing things

Data security is a big concern but many local government organisations continue to rely on centralised data systems that are vulnerable to attack. As long-term efficiency measures continue to erode spending, can a complete shift in approach help those in local government square the circle and provide necessary security with a cost saving alternative?

For years, organisations have trusted in systems where data is put in one place and they trust the system will keep the data safe. Admittedly, these centralised systems are very sophisticated using a server or data centre, or the ‘cloud’.

They also have the ability to hold thousands if not millions of accounts and files with sensitive data such as confidential organisational and customer/financial/employee information. These centralised systems have been the paradigm for many years.

By its very nature, the centralised client-server model makes it an attractive target to attack. A successful data breach requires just one single point of failure. This Achilles’ heel makes the systems easy targets for malicious breaches like the NHS ransomware attack. The recent scandal to hit Facebook concerning sensitive data being unwittingly divulged to third parties serves only to highlight the firefighting many organisations face in order to manage and protect data.

What then follows, when a breach occurs, is a cycle of behaviour that never really resolves the issue: patch it up, it breaks, patch it up and it breaks again. Organisations get called to account with nasty letters from the Information Commissioner or perhaps they get dragged in front of parliament or a group of MPs to answer for the breach, and the threat of hefty fines. Lots of head-nodding, and lots of ‘sorry, this won’t happen again’ and promises of better training and better security.

But 'sticking plaster' IT security strategies on large scale networks mean data breaches will remain a constant challenge because fundamentally the underlying system doesn’t change. Rather than trying to patch up a bad system, what if there is an alternative which has no single central point of failure and can spread the risk by 'spreading' the data?

Decentralised peer-to-peer systems have been around for a while but they have an increasing relevance as large scale data breaches become more commonplace. The technology offers an alternative way of approaching data security by turning the current paradigm on its head.

Using a decentralised or ‘peer-to-peer’ communication system means data doesn’t sit in one place and, therefore, greatly reduces a system’s vulnerability to a single attack that could unlock the whole system.

Decentralised, peer-to-peer systems spread segments of data across a number of machines (10s, 100s, 1000s). The individual data fragments are meaningless on their own so, even if an attack did take place, the data obtained would be worthless and the impact of that attack significantly reduced.

In simplistic terms, decentralised computing works by using millions of ‘boxes’ all holding just part of the data, not all of it in its entirety. These boxes are ‘stored’ in millions of locations. So, if an attacker wants to steal the confidential data it’s got to locate and unlock millions of boxes to try to piece the encrypted data together. It’s too difficult, and why would they when they can attack another organisation which uses a centralised system with only one point of attack and not millions?

For organisations hit by budgetary constraints, the decentralised model costs much less than the existing model as there is no need for data servers, ‘middle men’ or thousands of back office engineers to repair and manage security updates.

Peer-to-peer systems are also incredibly scalable, making them a practical and cost-effective option for local government organisations working with thousands or millions of data files.

Although not a silver bullet for every organisation, it can offer an improved solution to the threat of data security for those with responsibility for holding and protecting sensitive data.

Peer-to-peer systems have a wide variety of applications. For those driving change at a local government level, strategies such as Smart Cities and operators of critical services, it can offer a solution for improved security and privacy.

At a time when local government is under long term pressure to deliver value with restricted budgets, those responsible for IT security should think outside the box. Think about millions of boxes to hold data and think of a decentralised way of improving security that can also deliver financial savings.

Dan Davies is the business development director of Zovolt Ltd responsible for Streembit™

 
comments powered by Disqus