In my second essay looking at the increase in breaches of personal information through malware and some questionable security practices, I will now take a look at the harbinger of the modern Doomsday Book, the pervasiveness of SQL databases.
There is much about data loss and compromise in the news today, almost on a weekly basis it seems. Orange France suffered a data breach in May, losing the personal information of approximately 1.3 million customers. When questioned, Orange France was unable to confirm whether the data they held was encrypted; this is very serious. It is not like asking someone how long it would take to fly a rocket to the moon and getting a best guess. Data either is or is not encrypted when stored within ubiquitous database systems. Orange should have encrypted this data. Not being able to provide an adequate answer demonstrates to customers that their personal information is not safe with this company. Being able to trust in the security of computing systems is paramount in this information age. It is crucial that companies and governments provide evidence that proves our data is kept safe; unfortunately, all too often the contrary is occurring.
Rik Ferguson, vice president of security research at Trend Micro, recently told the Guardian:
“effective security is no longer about designing architecture with the aim of keeping the attacker out permanently, that’s a pipe dream. If they want to get in, they will get in.”
Is this a lack of imagination in protecting personal data or a consequence of how data is stored in the early 21st Century? If we take Mr Ferguson’s advice, then we should stop using computer systems for all personal information. However, there are ways of designing computing architecture to reduce the surface area of an attack.
Many online services are far from safe and some are known for not encrypting the personal information they store; remember the Sony hack of 2011. Worse still, many companies connect not only web services with associated SQL servers containing personal information to the Internet, but also their whole networks. This enables their employees to email, process data and surf the web, while also having access to your personal data. As a consequence, crackers and other malfeasants can also gain access.