Skip to main content

Centralisation, security, and 25m personal account details

The media and online world are buzzing with the news that HMRC have lost discs containing financial details of 25m people. My particular interest is to what extent the centralisation of the database contributed to the problem. If we consider the NPfIT programme for storing medical records, would they be safer in distributed data stores? At first glance, one might think that a security breach in one store would at least be limited to the set of data held there. But those distributed stores would have to be networked and to allow remote queries; would this increase security (by checking for mass requests) or decrease it (because people wouldn't know which remote requests to distrust)?

In the meantime, here are a few URLs to comments that I found interesting. Philip Virgo worries (as do I) about those organisations that cover up their breaches rather than report them. David Lacey argues that certification of security practices is required to make sure policies are followed. On a related note, the UK's information commisionner is calling for his office to have powers to inspect and fine organistions for failing to properly protect personal data. Finally, Ross Anderson's rather trenchant comment includes several links that are relevant to security practices in the UK government.

Comments

Post a Comment

Popular posts from this blog

Webinar: Powering your business with Cloud Computing

On October 14th, I will be hosting a Grid Computing Now! web seminar on the topic of Cloud Computing. We have lined up two very interesting speakers who are using Cloud now to make businesses work. Ross Cooney had a good technological solution to sell but couldn't make it economic until Cloud Computing allowed him to pay for his computation only when he needed it. He will discuss the instant benefits and long term impact of cloud computing to the development, competitiveness and scalability of your application. Alan Williamson created the BlueDragon Java CFML runtime engine that powers MySpace.com. He advises several businesses and will give an overview of the different types of services available and how to avoid being locked-in to a single supplier. You can register for this event here .
Post a Comment
Read more

Business Model Canvas

A Business Model Canvas is a tool for mapping the core functions and capabilities of an organisation.  Compared to the Core Diagrams that I described in an earlier post , the business model canvas attempts to present more aspects of the business, starting with the value proposition – a statement of what the organisation offers to its users (in the business world, to its customers).  It shows the activities and resources, as Core Diagrams do, but also shows user relationships & channels, and also benefits and costs.  I’m not aware of any universities that have used this tool but you can find examples from elsewhere on the web. We are considering business model canvases as a tool for mapping the strategic capabilities of units at the University of Edinburgh.  Phil Taylor, our EA contractor, sketched an outline of what a business model canvas might begin to look like for HR: This is only intended to be suggestive: the real canvas would need to result from in-de...
2 comments
Read more

Changing Principles

In EA, architecture principles set a framework for making architectural decisions.  They help to establish a common understanding across different groups of stakeholders, and provide guidance for portfolios and projects.  Michael Durso of the LSE gave a good introduction to the idea in a webinar last week for the UCISA EA community. Many organisations take the TOGAF architecture principles as a starting point.  These are based on the four architectural domains of TOGAF: business, information/data, applications, technology/infrastructure.  These principles tend to describe what should be done, e.g. re-use applications, buy in software rather than build it, keep data secure.  See for example the principles adopted at Plymouth University and the University of Birmingham . Recently though, I encountered a different way of looking at principles.  The user experience design community tend to focus more on how we should do things.  E.g. we should...
1 comment
Read more