BitDepth

Digital security begins with data management

3 Mins read

BitDepth#1001 for August 11, 2015

Members of the Microsoft Digital Crimes Unit work in a forensics lab in the Cybercrime Center. Photo courtesy Microsoft.

Members of the Microsoft Digital Crimes Unit work in a forensics lab in the Cybercrime Center. Photo courtesy Microsoft.

The remarkable story of a confidential memorandum regarding a potential terrorist threat being circulated on social media within hours of it being issues from police headquarters in Trinidad and Tobago caused citizens no small disquiet.

This was a document that alleged a plot against Prime Minister Kamla Persad-Bissessar by an organisation with a proven capacity for insurrection in this country.

That memo, photographed and circulated widely, suggested serious problems with the way that information is shared and managed within the T&T Police Service, but it isn’t a problem that’s unique to a police force or national defence services, according to Roberto Arbeláez CISSP, CISA Security Program Manager for Microsoft Latin America.

Arbeláez started working in the security sector at 16 while at university and has 20 years of experience in working with security solutions in most countries in Latin America, creating solutions for both the corporate and public sectors.

“It’s a problem that crosses industries,” he said in an exclusive Skype interview.

“It’s the same issue for police officers, in telecommunications industries and in banking, privacy and security are basic issues that CIOs in large organisations have to address.

“Solutions have been in place for decades which address those concerns. In the seventies the US commissioned a custom solution to secure communication at the Pentagon.”

“That process is now much easier to implement and manage because of the technologies that the cloud and mobile have introduced.”

It’s now possible, Arbeláez explained, to layer security solutions on top of cloud based distributions.

The technology allows administrators and users to set permissions that limit who can view a document to a very fine-grained level. It’s possible to have a secured file living next to personal information with complete control over who can view each file.

Security measures can block documents from being distributed digitally while allowing full access for viewing by authorised users.

Microsoft, Arbeláez noted, can secure voice and video communications between users and can fully encrypt communications within Skype, the company’s consumer level VOIP solution.

It’s an industry, he noted, which has seen the deployment of significantly improved security communications options over the last three years in particular.

Most of the software industry, including cloud providers are very aware of the need for security, but for Microsoft, it’s one of the top two design imperatives.

“For most countries, the greatest challenge is making the political decision to implement those solutions,” Arbeláez said.

Other issues arise with the quality of implementation of these systems, and the commitment by administrators to keeping systems properly organised and secured.

There can also be resistance to moving analog based data to digital formats because of the perceived security of analog distribution.

“Our products are among the most secure and are more than adequate for implementation in security sensitive scenarios,” he said.

The process begins with asset inventory and classification, which requires customers to organise their documents and communications channels in alignment with their processes and culture, and it’s something that’s done internally because of security concerns.

“This is one of the most tricky parts of the process,” Arbeláez explains. “It generally can’t be done by outside vendors, and the process can take between a year and a year and a half, we’ve found.”

“Once that’s done, the easy part is to implement the communications and document management systems.”

It’s a process that can take between three to six months, depending on the complexity of the classifications that have been created by the customer.

Implementations take place in stages, with communications being the first.

A Skype based installation can take around three to four months and a Sharepoint installation for document distribution can take a couple of months.

A full enterprise or government level installation by Microsoft can take up to 18 months to complete, but it’s done in phases.

There can be a lot of reasons for not doing it, but it’s Microsoft’s experience,” Arbeláez said, “that solutions implemented using technology are safer and more resistant to efforts to abuse them than paper based systems.”

“Something like the distribution of a picture of a document would not happen in an organisation that has implemented a digitally secured environment.”

🤞 Get connected!

A once weekly email notification of new stories on TechNewsTT. Just that. No spam.

Possible UI Glitch. Click top right corner to dismiss 👉

Get Connected!

A once weekly email notification of new stories on TechNewsTT.

Just that. No spam.

Related posts
Press Releases

Samsung extends Knox security to its home appliances

2 Mins read
Knox Matrix is a security solution that comprehensively protects connected devices and networks using private blockchain technology.
BitDepthFeatured

Practical steps to reducing cybersecurity risks

4 Mins read
The process, to be effective, must be ongoing and managed to ensure that vendors meet required standards.
BitDepthFeatured

The consequences of careless code

5 Mins read
The cruel reality of Crowdstrike is that it wasn’t a cybersecurity attack. It was a quality of service lapse and the incident puts IT professionals in an odd space.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Share your perspective in the comments!x
()
x