Centralisation, security, and 25m personal account details

The media and online world are buzzing with the news that HMRC have lost discs containing financial details of 25m people. My particular interest is to what extent the centralisation of the database contributed to the problem. If we consider the NPfIT programme for storing medical records, would they be safer in distributed data stores? At first glance, one might think that a security breach in one store would at least be limited to the set of data held there. But those distributed stores would have to be networked and to allow remote queries; would this increase security (by checking for mass requests) or decrease it (because people wouldn't know which remote requests to distrust)?

In the meantime, here are a few URLs to comments that I found interesting. Philip Virgo worries (as do I) about those organisations that cover up their breaches rather than report them. David Lacey argues that certification of security practices is required to make sure policies are followed. On a related note, the UK's information commissioner is calling for his office to have powers to inspect and fine organisations for failing to properly protect personal data. Finally, Ross Anderson's rather trenchant comment includes several links that are relevant to security practices in the UK government.
