Security show success

Building on the audience’s response to last year’s keynote address by David Blunkett, the former Home Secretary, this year’s show was addressed by David Smith, the deputy commissioner for the Information Commissioner’s Office (ICO). Smith’s keynote drew a lot of interest from all segments of the audience, mainly because of the ICO’s recent 100-fold increase in its penalties for serious data breaches.
   
The deputy information commissioner said that there are currently around 30 serious breaches reported to his office every month, although onlookers noted with interest that this figure has declined slightly in the last few months. But, he told his audience, the NHS is now responsible for around one third of the data breaches reported to his office, a proportion that pushes the public sector ahead of private industry in the data breach stakes. However, what can be understood from these statistics, he explained, is that not all private sector organisations will declare their breaches.
   
“We’re still seeing loss of personal data on unencrypted laptops in both [private and public] sectors,” he said, adding that, despite the increase in penalties, his office is not trying to catch people out, but aims to help businesses – and help people trying to get it right.
   
But, he told his audience, the scale of data losses has significantly evolved and increased over the years: “We’ve gone from losing a few medical files on a few sheets of paper at a time, to losing millions of files on a single disk or USB stick,” he said.
   
Smith used the Ministry of Defence as an example of this evolution, noting that the MOD used to have a culture of secrecy, which has since been eroded by the Facebook generation. “Today, people are willing to share more – a culture of reducing costs and sharing has emerged,” he said.

Theft & loss of data
According to the deputy information commissioner, data breaches are still happening, and are often due to insider wrongdoing, or theft and loss of data on portable devices. There are, he explained, too many organisations ticking the boxes, without investing in real measures to keep up staff training and awareness. “Contractors and processes must be checked,” he said.
   
Smith went on to say that, when and if a breach does occur, those affected should be notified as well as his office. “We don’t want to know about every breach that happens, just the large-scale breaches where there is potential harm to individuals,” he said, noting that, in most cases, his office will record the loss or breach incident but not action it.
   
Out on the show floor, meanwhile, data security specialist Credant Technologies said that the public sector side of the IT security market remains quite buoyant. According to Sean Glynn, the firm’s vice president of marketing, frozen and shrinking IT security budgets are a problem for IT security vendors who are looking to maintain, and even increase, sales, but vertical markets are still quite buoyant in sales terms.
   
Tim Pollard, Credant’s EMEA vice president, meanwhile, said that whilst there is a recession on and sales of IT security software and systems are always going to be difficult in this type of market, there is still room in the market for smaller players who are offering innovative security products.
   
Agility is the key in this market. There is a big market in the NHS, which is watching what is happening on the compliance front in the US, where increasing regulation, such as HIPAA, means that NHS IT departments need the best levels of security, he said.

Protecting websites
Research published at the show found that a large number of business websites are open to attack, mainly because they use insecure web applications. The study, which was carried out by the Ponemon Institute and sponsored by Imperva and WhiteHat Security, found that despite the potential seriousness of the issue, firms are only allocating 18 per cent of their IT security budgets to protect their sites.
   
The study – The State of Application Security – noted that most businesses, despite having numerous mission-critical applications accessible via their websites, are failing to allocate sufficient financial and technical resources to secure and protect their web applications. Commenting on the findings, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said that it confirms the overwhelming value of taking a strategic and prescriptive posture to the many challenges that organisations face when it comes to protecting their data.
  
The report, which took in responses from more than 600 IT professionals on both sides of the Atlantic, found that whilst only 18 per cent of IT security budgets is allocated to address the problem, a hefty 43 per cent of budgets is being allocated to network and host security, even though these areas are those that respondents felt are of least concern.

Also at Infosecurity, Arbor Networks became the latest IT security vendor to embrace the cloud with its first network and security monitoring offering that runs under VMware. The software – Peakflow X Virtual – runs on VMware ESX and ESXi hypervisor environments and gives companies the same features as Arbor’s hardware appliances, but in a virtualised environment.

Arbor says that its research team has seen a lot of changes in attack profiles in the last 12 months or so. Attacks are not slowing down – they’re increasing. As a result, the company is now seeing cloud-based data centres becoming very attractive to hackers, which is why it has developed a VMware version of its security technology. According to the IT security firm, hackers are starting to target cloud-based resources because gaining access to them can make the hackers a lot of money.

For more information
Infosecurity Europe 2011 will take place 19-21 April, at Earls Court, London. For further information please visit www.infosec.co.uk
