Dan Davies 13 April 2018

Cyber security: challenging the old way of doing things

Cyber security: challenging the old way of doing things image

Data security is a big concern but many local government organisations continue to rely on centralised data systems that are vulnerable to attack. As long-term efficiency measures continue to erode spending, can a complete shift in approach help those in local government square the circle and provide necessary security with a cost saving alternative?

For years, organisations have trusted in systems where data is put in one place and they trust the system will keep the data safe. Admittedly, these centralised systems are very sophisticated using a server or data centre, or the ‘cloud’.

They also have the ability to hold thousands if not millions of accounts and files with sensitive data such as confidential organisational and customer/financial/employee information. These centralised systems have been the paradigm for many years.

By its very nature, the centralised client-server model makes it an attractive target to attack. A successful data breach requires just one single point of failure. This Achilles’ heel makes the systems easy targets for malicious breaches like the NHS ransomware attack. The recent scandal to hit Facebook concerning sensitive data being unwittingly divulged to third parties serves only to highlight the firefighting many organisations face in order to manage and protect data.

What then follows, when a breach occurs, is a cycle of behaviour that never really resolves the issue: patch it up, it breaks, patch it up and it breaks again. Organisations get called to account with nasty letters from the Information Commissioner or perhaps they get dragged in front of parliament or a group of MPs to answer for the breach, and the threat of hefty fines. Lots of head-nodding, and lots of ‘sorry, this won’t happen again’ and promises of better training and better security.

But 'sticking plaster' IT security strategies on large scale networks mean data breaches will remain a constant challenge because fundamentally the underlying system doesn’t change. Rather than trying to patch up a bad system, what if there is an alternative which has no single central point of failure and can spread the risk by 'spreading' the data?

Decentralised peer-to-peer systems have been around for a while but they have an increasing relevance as large scale data breaches become more commonplace. The technology offers an alternative way of approaching data security by turning the current paradigm on its head.

Using a decentralised or ‘peer-to-peer’ communication system means data doesn’t sit in one place and, therefore, greatly reduces a system’s vulnerability to a single attack that could unlock the whole system.

Decentralised, peer-to-peer systems spread segments of data across a number of machines (10s, 100s, 1000s). The individual data fragments are meaningless on their own so, even if an attack did take place, the data obtained would be worthless and the impact of that attack significantly reduced.

In simplistic terms, decentralised computing works by using millions of ‘boxes’ all holding just part of the data, not all of it in its entirety. These boxes are ‘stored’ in millions of locations. So, if an attacker wants to steal the confidential data it’s got to locate and unlock millions of boxes to try to piece the encrypted data together. It’s too difficult, and why would they when they can attack another organisation which uses a centralised system with only one point of attack and not millions?

For organisations hit by budgetary constraints, the decentralised model costs much less than the existing model as there is no need for data servers, ‘middle men’ or thousands of back office engineers to repair and manage security updates.

Peer-to-peer systems are also incredibly scalable, making them a practical and cost-effective option for local government organisations working with thousands or millions of data files.

Although not a silver bullet for every organisation, it can offer an improved solution to the threat of data security for those with responsibility for holding and protecting sensitive data.

Peer-to-peer systems have a wide variety of applications. For those driving change at a local government level, strategies such as Smart Cities and operators of critical services, it can offer a solution for improved security and privacy.

At a time when local government is under long term pressure to deliver value with restricted budgets, those responsible for IT security should think outside the box. Think about millions of boxes to hold data and think of a decentralised way of improving security that can also deliver financial savings.

Dan Davies is the business development director of Zovolt Ltd responsible for Streembit™

For your free daily news bulletin
Highways jobs

Qualified Social Workers - Adult Services

Essex County Council
£30906 - £42254 per annum
Essex County Council ( ECC) can offer a wide range of opportunities within Social Care for Qualified Social Workers across a variety of teams and the England, Essex, Harlow
Recuriter: Essex County Council

Occupational Therapists - Adult Services in South Essex

Essex County Council
£30906 - £42254 per annum
Primary Location
Recuriter: Essex County Council

Qualified Social Workers - Adult Services Teams

Essex County Council
£30906 - £42254 per annum
Primary Location
Recuriter: Essex County Council

Social Worker - Under 10s Connecting and Uniting Team

Essex County Council
£30900 - £42250 per annum + Plus Excellent Benefits Package
This position will focus primarily upon working with children between the ages of 0-10 who have been looked after by the local authority for a significant period (20 weeks or longer), and where following careful assessment by the allocated social worker, England, Essex, Chelmsford
Recuriter: Essex County Council

Senior Support Worker - DBIT Edge of Care Core Service

Essex County Council
£20600 - £26800 per annum + Plus Excellent Benefits Package
NVQ Level 3 - Caring for Children and Young People or equivalent qualification or work-based experience. * Experience/Knowledge/Interest in the Solution Focused approach. England, Essex, Chelmsford
Recuriter: Essex County Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue