Dan Davies 13 April 2018

Cyber security: challenging the old way of doing things

Data security is a big concern but many local government organisations continue to rely on centralised data systems that are vulnerable to attack. As long-term efficiency measures continue to erode spending, can a complete shift in approach help those in local government square the circle and provide necessary security with a cost saving alternative?

For years, organisations have trusted in systems where data is put in one place and they trust the system will keep the data safe. Admittedly, these centralised systems are very sophisticated using a server or data centre, or the ‘cloud’.

They also have the ability to hold thousands if not millions of accounts and files with sensitive data such as confidential organisational and customer/financial/employee information. These centralised systems have been the paradigm for many years.

By its very nature, the centralised client-server model makes it an attractive target to attack. A successful data breach requires just one single point of failure. This Achilles’ heel makes the systems easy targets for malicious breaches like the NHS ransomware attack. The recent scandal to hit Facebook concerning sensitive data being unwittingly divulged to third parties serves only to highlight the firefighting many organisations face in order to manage and protect data.

What then follows, when a breach occurs, is a cycle of behaviour that never really resolves the issue: patch it up, it breaks, patch it up and it breaks again. Organisations get called to account with nasty letters from the Information Commissioner or perhaps they get dragged in front of parliament or a group of MPs to answer for the breach, and the threat of hefty fines. Lots of head-nodding, and lots of ‘sorry, this won’t happen again’ and promises of better training and better security.

But 'sticking plaster' IT security strategies on large scale networks mean data breaches will remain a constant challenge because fundamentally the underlying system doesn’t change. Rather than trying to patch up a bad system, what if there is an alternative which has no single central point of failure and can spread the risk by 'spreading' the data?

Decentralised peer-to-peer systems have been around for a while but they have an increasing relevance as large scale data breaches become more commonplace. The technology offers an alternative way of approaching data security by turning the current paradigm on its head.

Using a decentralised or ‘peer-to-peer’ communication system means data doesn’t sit in one place and, therefore, greatly reduces a system’s vulnerability to a single attack that could unlock the whole system.

Decentralised, peer-to-peer systems spread segments of data across a number of machines (10s, 100s, 1000s). The individual data fragments are meaningless on their own so, even if an attack did take place, the data obtained would be worthless and the impact of that attack significantly reduced.

In simplistic terms, decentralised computing works by using millions of ‘boxes’ all holding just part of the data, not all of it in its entirety. These boxes are ‘stored’ in millions of locations. So, if an attacker wants to steal the confidential data it’s got to locate and unlock millions of boxes to try to piece the encrypted data together. It’s too difficult, and why would they when they can attack another organisation which uses a centralised system with only one point of attack and not millions?

For organisations hit by budgetary constraints, the decentralised model costs much less than the existing model as there is no need for data servers, ‘middle men’ or thousands of back office engineers to repair and manage security updates.

Peer-to-peer systems are also incredibly scalable, making them a practical and cost-effective option for local government organisations working with thousands or millions of data files.

Although not a silver bullet for every organisation, it can offer an improved solution to the threat of data security for those with responsibility for holding and protecting sensitive data.

Peer-to-peer systems have a wide variety of applications. For those driving change at a local government level, strategies such as Smart Cities and operators of critical services, it can offer a solution for improved security and privacy.

At a time when local government is under long term pressure to deliver value with restricted budgets, those responsible for IT security should think outside the box. Think about millions of boxes to hold data and think of a decentralised way of improving security that can also deliver financial savings.

Dan Davies is the business development director of Zovolt Ltd responsible for Streembit™

For your free daily news bulletin
Highways jobs

Highways Operative - Barrow x4

Cumbria County Council
£22,571 – £23,484
We are looking to recruit a new Highways Operative to our Highways Service. Cumbria
Recuriter: Cumbria County Council

Refugee Resettlement Interpreter - Ukrainian and Russian

Cumbria County Council
£28,226 - £29,174
‘Homes for Ukraine’ is the Government’s initiative to supporting those fleeing the conflict in Ukraine. Cumbria / Countywide
Recuriter: Cumbria County Council

Safer Spaces Community Safety Enforcement Officer

Royal Borough of Greenwich
£31,122 - £32,112
Our Community Safety Enforcement Officers are responsible for improving community safety outcomes throughout the Royal Borough’s main Town Centres. Greenwich, London (Greater)
Recuriter: Royal Borough of Greenwich

Enforcement Support Officer

Royal Borough of Greenwich
£31,122 - £32,112
The Royal Borough of Greenwich are looking for dedicated, enthusiastic, and compassionate individuals. Greenwich, London (Greater)
Recuriter: Royal Borough of Greenwich

Communications and Engagement Officer

Royal Borough of Greenwich
£38,385 to £41,586
We’re looking for an enthusiastic and dedicated communications professional to join our team. Greenwich, London (Greater)
Recuriter: Royal Borough of Greenwich

Partner Content

Circular highways is a necessity not an aspiration – and it’s within our grasp

Shell is helping power the journey towards a circular paving industry with Shell Bitumen LT R, a new product for roads that uses plastics destined for landfill as part of the additives to make the bitumen.

Support from Effective Energy Group for Local Authorities to Deliver £430m Sustainable Warmth Funded Energy Efficiency Projects

Effective Energy Group is now offering its support to the 40 Local Authorities who have received a share of the £430m to deliver their projects on the ground by surveying properties and installing measures.

Pay.UK – the next step in Bacs’ evolution

Dougie Belmore explains how one of the main interfaces between you and Bacs is about to change.