NHS may add in-the-cloud security solution

Is this the right answer?


A week ago, I wrote about National Health Service's escalating security issues and the problems it encountered so far in terms of computer and data protection. My point was that part of their problem – which actually raises the same more or less (potential) questions for all organizations, private or public alike – consists of a weak information security policy.

As I found out this morning, UK NHS could approach in-the-cloud security as a response to the undergoing difficulties it has in defending sensitive data. The initiative may have its share of benefits, as it could solve at least part of the problem – i.e. the concern of data going back and forth online through Web or e-mail, encryption etc.

However, what in-the-cloud can't actually handle in this (and probably other) particular case(s) are two other factors, which, in my opinion, are important as well: humans and hardware. Except for the targeted attacks, inside negligence is probably the other major cause for data leaking. If we put into this equation an employee with an USB stick, iPod or any other mobile storage device that can connect to a single terminal in the network or a laptop that somehow gets lost, I guess that in-the-cloud is not going to help much.

Which leads us back to the issue of policies/strategies and of (multi-)layered security approach I've been discussing in my previously mentioned post. Adding an extra layer of defense is always a good idea and it proves, among other things, that there is a specific degree of awareness inside that organization. But crafting and deploying a security strategy should go further than that. Actually, what I'm trying to say (and I'll keep repeating on and on, like a broken record) is that: users hold the key-role in security and some security is always better than no security at all, but no matter how much security you have, you'll never have enough!

Safe surfing everybody!

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on www.hotforsecurity.com.

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples http://martzipan.blogspot.com), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.