I honestly never thought I would see the day. Technology has played a part in most governments now for years and, as such, is nothing new. But technology almost toppling a government, well, now that is something we haven’t seen before.
And yet this isn’t going on in a Far Eastern or an Eastern European country, and it has nothing to do with online voting. It is happening in the U.K.—a place that is, in some areas, technologically advanced. And it concerns the loss of 25 million people’s vital data—names, addresses, bank account details, national insurance numbers (the equivalent of our social security numbers) and names of children.
The data, held at HMRC (HM Revenue and Customs) was burnt onto two CDs and then posted, via an internal mail service, over to a different government department. Except that the two CDs never made it and are at this moment still missing.
Let’s park for a moment that fact that the British government is still transferring data via CD (surely an antiquated way of transferring data in this day and age), and the fact that the country did not find out about the data loss until a month after it had occurred, and focus instead on the aftermath and what is happening now.
U.K. Prime Minister Gordon Brown has been forced to apologize and issue emergency statements in Parliament, giving new powers to the Information Commissioners Office to do spot checks on all the data security measures within all government departments. The Chancellor of the Exchequer (who is the Prime Minister’s right-hand man) has been berated and vilified, forced to give a speech in Parliament, set up a review board to find out exactly why the data loss happened, and banks and building societies in the U.K. have told the government that they will not bear the brunt of the cost if there is any outcome from the data getting into fraudsters’ hands.
All of this because of a technology problem. Had the files been encrypted, while still a huge blunder, the consequences of the data loss would have been far less drastic. The other aspect is the human error involved in all of this. Unfortunately, it seems one poor junior executive within HMRC is taking the brunt of the blame. But it was in fact the lack of security processes and checks that were at fault.
So where does the channel fit into all of this? Certainly this is not an excuse to spread fear, uncertainly and doubt among customers. Rather, this is proof that not only having the right technology supplier who checks even the minute details of your security is vital, but that offering additional services to customers in the form of process management, is as important as selling the technology itself.
Encrypting a file, while now may be part of everyday tech-speak, is not actually something that most people can do. Having a trusted technology supplier that can help with the smallest, yet most vital of details such as this, is fundamental and it adds another string to any VAR’s bow of becoming the trusted supplier. More vital and more profitable is the process side of security management. Removing the human error aspect, as far as possible, through designing processes and guidelines, and ensuring they are adhered to without which any kind of security technology is open to mistakes, abuse and oversights. Within a customer, this may not result in the toppling of a government but could result in the ousting of your services.