These data losses generally haven’t come from wilful hacking or from the wrong people getting access to information they shouldn’t have. They’ve come from people taking information outside the system in which it’s normally held securely. What’s provoking this?

Firstly, there’s a poor design in the software themselves.
How can we have a system that enables you to download the entire records of everyone in a pensions system? Under what circumstances would anyone want this data? Under what circumstances should they be allowed to download this data? There are very few occasions when someone would require access to such extensive data, and when they do, why don’t they just access it in the software that displays it normally? There must be a shortcoming in the software design, whether this is in the user interface or its availability across networks. This is the case for both the loss of data from DWP and MoJ. The software allowed people to perform a task that was inherently insecure; secure systems shouldn’t allow that degree of flexibility.

Secondly, there’s the way that wider security systems and processes have been designed.
What are these protecting against? If you work, as we do, for government organisations, you’ll come face to face with real difficulties in distributing information securely using existing systems. You can’t email some kinds of documents, because email systems and firewalls block them out. You can’t put them on an FTP server, because these are inherently insecure and in any case end users’ ports are blocked. You can’t use SSH, as many government networks block this protocol because they can’t monitor the encrypted data.

So you’re left with physical media (USB keys, CDs, DVDs) to transfer data around. And if you’re doing this frequently with large amounts of data, it’s tedious to keep encrypting it. On top of that, you still have to give relevant access to all the people who’re meant to have access to the documents. It’s little wonder that individuals don’t bother and simply copy things locally, even though they know they shouldn’t.

The way that systems have been implemented not only makes these security breaches possible, it actively encourages them through poor design and catering for the wrong kind of security breaches.

Systems need to be designed to keep secure content within the system. If your system is correctly designed, you shouldn’t need to take data outside it. Oracle’s approach is to say you can take the content out of the system but it needs to reference a central server in order to view it; but there are still many flaws in their approach which I won’t go into here. Since when do you have a document that you can’t control by uploading to a CMS that’s accessed over a secure connection, with relevant access privileges applied? As soon as you allow someone to download it, you’re asking for bad publicity.

We have a tendency to blame the people who circumvent the system, when it’s the system itself that’s at fault.