Security Features - June 2011

BSIA member pioneers closed loop recycling, information destruction and business solution scheme
Environmental issues and the secure disposal of confidential waste are both high on the agenda of businesses today. However, ensuring compliance with data protection regulation whilst implementing sustainable waste management strategies can prove a challenge when resources are stretched to the limit. In these difficult financial times, finding innovative and cost effective solutions that can clearly demonstrate Return on Investment is key to business success.
To this end, a member of the BSIA’s Information Destruction section has pioneered an award-winning information destruction, recycling and business solution scheme with a large firm in London.  Through the scheme, the security company collects confidential waste paper from the client, shreds it and bails it. Next, the paper is sent to the collaborating paper mill, where it is recycled and turned into ‘new’ office paper. This is then sold back to the client company at a competitive rate.
The success of the scheme is largely due to the positive cooperation between all parties, and to date 325 tonnes of paper were shredded and recycled, 5,514 trees were saved and 729m3 of waste destined for landfill was avoided. Moreover, the client company is granted piece of mind, knowing that its waste is being handled in line with European and UK regulation, and is benefiting from considerable ROI due to the savings made by buying back the original paper once this has been recycled. More than half of the paper used by the client firm’s 2,500 partners and staff in its London office is now in fact recycled paper acquired through this scheme.
Ineffective waste management strategies can result in data breaches that not only have a negative impact on reputation and consumer confidence, but also have serious financial implications. Research recently commissioned by the Information Commissioner’s Office (ICO) has found that 92% of individuals surveyed are concerned that organisations do not keep their details secure. Continuous reports of data breaches prove how well founded these concerns are, and demonstrate that organisations need to do more to regain consumer confidence and credibility.
The BSIA is a great place to start when searching for a reputable data destruction supplier, as association members adhere to strict quality standards and are at the forefront of industry best practice and innovation. For more information, visit the Information Destruction section’s website on www.bsia.co.uk/shredding
The BSIA is also hosting its second annual Information Destruction conference and exhibition, aimed at sharing best practice amongst suppliers and service providers within the information destruction industry, on the 8th June at the National Motorcycle Museum in Birmingham. The event will be essential for keeping up to speed with the key developments in the industry. For more information visit the Association’s website.

What other hacks are lurking in the electronic jungle?
Reports that Sony has been in database leak hell is a serious blow to the Japanese IT giant's credibility but  the bigger question is what other database leaks are lurking in the electronic undergrowth.
According to Andy Cordial, managing director of Origin Storage, with major database incursions taking place on an almost daily basis, it is clear that current corporate security defence strategies are no longer enough.
"Quite aside from the Sony double-whammy, there have been hacks of several corporates, including the Epsilon database cracking incident, in recent weeks. Regardless of what caused these incursions, it is now clear that the database security systems in active use on both sides of the Atlantic are no longer sufficient," he said.
"Most security professionals understand that a multi-layered approach can be the best option, but - until now - this was not always the most cost-effective approach. The $64,000 question, however, is - what is the real solution to this pressing issue?" he added.
The answer, says the Origin Storage MD, is that a multi-layered approach need not be the expensive option that many IT managers are so fearful off.
Technologies can provide a highly cost-effective solution to data that needs to be moved around, including across and even outside the office.
It's important, he explained, to understand the difference between data at rest and data on the move, as well as the need to better defend data on a centralised database.
Good security, Cordial argues, is all about deploying the optimum security for a variety of situations. With a centralised database, there may be an argument for the use of multi-level authentication technology alongside encryption, meaning that even if the encryption system is broken for whatever reason, access to the data can still be restricted.
And when IT staff have move data around on a portable basis, perhaps for backup purposes, he says, they can use multi-level security.
What we are seeing, says the Origin Storage MD, is an obvious change in the modus operandi of hackers who are intent on extracting user credentials from as many corporates as possible.
Whatever their methodology, however, the fact is that IT managers need to raise the bar when it comes to protecting their data, and this can most cost-effectively be carried out using a mixture of security technologies.
"It's very easy to lose sight of the fact that fraudsters will always tend to gravitate towards the easiest system to crack. Put simply, this means that, if you make it difficult enough for them on your own firm's IT systems, they will go elsewhere," he said.