Right we get the point but
Wouldn't he be doing better to try and foster some kind of 'bring your data home' initiative to keep it onshore instead?
Prime Minister David Cameron will step up UK co-operation with India on cyber security on Tuesday in a bid to better protect data stored on Indian servers as well as share intelligence on breaking threats. Cameron is in India as part of a three-day trade trip designed to build stronger business ties with the vast emerging …
"Wouldn't he be doing better to try and foster some kind of 'bring your data home' initiative to keep it onshore instead?" Well, yes and no. Yes, it should be more secure, but no because it will be more expensive. Outsourcing to India is cheaper, hence the popularity for companies trying to cut costs, but then the cost of bribing someone in the outsourced company to subvert security is also cheaper. The simplest way to break any security system is to get someone on the inside to break it open for you. Training the locals in advanced security will simply make them better at subverting any additional security. Companies can live with that if they simply don't care about the penalties, so we would see a lot more reversed outsourcing deals if the UK enacted some serious penalties (financial and jail-time for CEO/CIOs) for security breaches of outsourced data.
Don't you get it yet? Yes outsourcing IS cheaper... For the first quarter, or maybe the first year. Enough for whoever inked the deal to be hailed as a business genius and get his bonus and promotion. Then the wheels come off and you're over a barrel. Penny wise, pound foolish as they say.
But then, g e, there would be no one foreign to blame the failings of home security on. Government IT is all about finding a fall guy and avoiding responsibility and accountability for inherent sub-prime performance at glorious public expense.
Methinks that is the leading point you missed and omitted to mention, g e. Or is that one being too cynical?
I disagree. If data is accessible through the internet, whether through an encrypted channel or not, it doesn't matter in the slightest where it is physically located.
Data should be encrypted at the earliest possible opportunity and should be decrypted at the point at which it is needed.
The industry is banging on about self-encrypted hard drives, in-flight encryption across networks or SAN fabrics and so on, all of which is absolutely useless when the person after that data has access to those systems.
If you really believe that, then I presume you don't have a bank account. All of our banks are accessible by workers who have remote access. In fact, I have online banking, so I can get into anyone's bank account in my bank and steal their money, by your reckoning.
You're right that all data accessible through the internet is not protected. That's exactly my point. You need to make whatever data that is accessible to the internet worthless to anyone who gets their hands on it. Put something on a computer and you have to assume someone else can get to it.
Did you even read my comment? Did you stop to think about what what I was actually saying? Or did you assume that I was yet another person picking you up on one of your stupid comments? For the record, I don't think your comment was necessarily a bad one. I just disagreed. By simply stating that my argument is meaningless is doing nothing other than showing you up for the rude idiot that you clearly are.
Well, you do make some good points, and I agree regarding where the data is encrypted, and that's pretty much my point. If you have data that is at rest here in the UK, and you give access to that data or the systems on which that data resides to somebody outside this country, then that person is able to steal that data no more or less easily than they would be able to if that data resided abroad.
So there's various places where data can be at risk. If someone has access to a server, then they're going to get access to the data on the server. And as you say, that's where the number crunching is done and the data needs to be unencrypted. So you want to restrict that access, so that no matter where that server is physically located, whoever is able to reach a login prompt can't get in. It doesn't matter where it's physically located, unless there is no access to the outside world at all (in which case your argument stands).
Then there's the underlying systems. Things like SAN-attached storage systems. The easiest way to steal data from one of those if you have access is to take a flash copy of the data, map that data to a host, and it's yours. If you want to be sneakier, you'd migrate the data via some disks, create a new volume on those disks and then map it somewhere "for testing purposes". Incredibly easy to do and to hide. How do you stop this? Encrypt it at source.
I'll retract the idiot comment though as you provided a reasoned response. I don't think your data would be any safer in this country than it would abroad. Assuming that it would would be naive.
"Prime Minister David Cameron will step up UK co-operation with India on cyber security on Tuesday in a bid to better protect data stored on Indian servers as well as share intelligence on breaking threats."
Please give our security apparatus easier access to your 'computers', besides HM Gov can't even keep their own 'computers' secure.
What could possibly go wrong, give all your data to the Alabama of the Asian Tigers ;)
I note their car market is stalled and looks unlikely to break 2M/yr now .... China's is looking to hit 18M this year with growth accelerating. UK sells more than 2M now, Germany about 3.1M. USA about 16M or so.
QUOTE: “Other countries securing their data is effectively helping us secure our data. I think this is an area where Britain has some real competitive and technology advantages,” said Cameron.
Companies only use foreign entities to save money.
HSBC hires a special sort of company, one with no intelligent employees who's abilities could be replaced with a screen reader. One female was happily reading the standard response when she missed a word. I told her she had missed a word and asked that she re-read the paragraph all over again!
And most of these sweat shop call centres are owned by an American company based in California.
We should expect our British business be conducted in Britain, not in some slum in India where many are tempted to make money on the side by selling data. THE LEAKS ARE NOT IN COMPUTER SYSTEMS, the leaks are by foreign employees who are simply trying to make a few extra Rupees on the side.
I refuse to deal with these entities, in fact one refuses to deal with me and simply bounces the call back to the UK - which is what I want. If you want the same go learn some 'bad words' in whatever language they speak in the call centre location - you can end up dealing with your British company in the UK.
I would have to point out at this point that no-one should be even implying that Indian datacentre employees are somehow less trustworthy than UK employees, as all that security know-how we're just dying to stitch the Indians up with comes from dealing with data-thieving UK employees! The only difference is it is cheaper to bribe the Indian employee compared to the UK one.
Biting the hand that feeds IT © 1998–2019