HMRC highlights end to end encryption requirement

Firms should learn from the HMRC fiasco and ensure sensitive data is encrypted both at rest and in transit.

The recent loss of child benefit records containing millions of personal and financial details by HM Revenue and Customs (HMRC) proves many organisations still do not have adequate measures in place to ensure the secure transfer of sensitive data.

The government admitted that civil servants ignored their own security policies and procedures in copying database information to disk and sending it unencrypted in the post. So what should it have done to protect the data?

Bo Sorensen is vice president of marketing at SSH Communications Security, a firm that specialises in providing end-to-end communications security solutions for large enterprises, financial institutions, and government agencies. “The simple solution would be not to copy them to a disk at all, but to transfer them directly to the receiver in an encrypted form over either internal or external networks, as long as you use software that encrypts the data using strong algorithms,” he said.

Paul Davie, founder of database security company Secerno, believes companies should go a couple of steps further by encrypting sensitive data at source and tightly controlling and monitoring the way people access the database.

“The first thing is to ask why do you want to export it and write it to a disk that can get lost?” said Davie. “But you have to encrypt this stuff both at rest and in transit, of course you do. You then take steps to ensure that only authorised users can get access to it, and also check what those users are doing with the information.”

Davie expressed surprise that a junior member of staff was allowed to download the entire data set from the Child Benefit database rather than simply extract the specific records requested by the NAO, which the HMRC argued would have been too expensive.

“I do not know how its internal charging and reporting works, but I was staggered when it said it was too expensive to get the specific information out of the system, it did not make any sense at all. We know that this data is kept in a relational database format, but the whole point [with relational databases] is that you can pick and choose the data you want,” Davie said.

Implementing a system that monitors normal transaction behaviour within the database and restricts usage can also make it easier to police the transportation of sensitive records. Such a system would quickly spot anomalies like a user suddenly requesting large amounts of data to be accessed and either deny the request or report it to an administrator.

“If the government is consolidating data in its departments, it will end up with not only bigger data systems, but vastly more authorised users. The issue is how you control who can hit which data,” said Davie.

Sorensen believes some government departments have been slow to address an information transit problem that the financial and retail sectors in particular have already tackled.

“During this year, we have seen increased interest in encrypting data in transit from local and central government departments in some instances, but in general they are late to this,” Sorensen said.