22 Feb 2007
Nationwide Building Society's recent loss of a laptop that exposed sensitive personal details of 11 million customers highlights the need for a fundamental reassessment of enterprise security, it was claimed today.
Rob Bamforth, principal analyst with Quocirca, said that the incident highlights "elemental deficiencies" with traditional IT security practices.
"The fundamental issue with the Nationwide data theft was that the whole database was loaded on the laptop," Bamforth said today at the NetEvents symposium in Evian.
"The blunder shows the serious issues around the defragmentation of data. The more you fragment data and keep it separate, the more you can protect your assets as there is less to lose.
"This shows that it is not enough to rely on specific security tools such as encryption. Enterprises need something more fundamental than security software and hardware. What you need is a fundamental rethink."
Bamforth added that taking action such as trying to secure firewalls around data centres missed the fundamental changing nature of data mobility.
"Enterprises are just too porous for data. Devices such as 2GB and 4GB memory sticks cost peanuts now so the extraction of data is so simple," he said.
"To fight this, enterprises need to revise policies and procedures. This is all about data flow or data management rather than security."
However, James Collinge, director of product management at security firm TippingPoint, argued that traditional security technologies are evolving to cope with the new threats.
"Today we can look for malicious traffic and perform some kind of function on that traffic. Ultimately we want to do that with content such as social security numbers," he said.
"We want to enforce policy in real time at the microsecond level. But we will not see this anytime soon."
Policies & Tools
A classic case of data leakage. There are tools and then there are policies.... The first question that needs to be asked is whether or not having the complete customer database was an infraction of corporate policy; if the answer is "no" then no tool will help. The best approach is a sound information security/information protection policy followed up with the proper control/enforcement tools. And for those not infosec savvy, neither Firewalls, IDS/IPS systems nor Anti-Virus solutions will help control this type of risk.
Posted by: Network Consulting 22 Feb 2007