Information Age readers will already be familiar with the UK government’s data protection track record. Suffice it to say, public sector handling of public data often leaves a lot to be desired.
According to one IT practitioner operating within the public sector, the only way to effectively safeguard against data leaks may be to drastically rethink the way computing services are provisioned.
Instead of fretting over the whereabouts of this laptop, or that USB drive, perhaps the focus of data custodians should be users’ ability to download sensitive material in the first place, Dr. Zafar Chaudry, IT director of Liverpool Women´s NHS, told me in a call today.
“The problems [with mobile working] start when people are downloading material on to their laptops when perhaps they shouldn’t,” he said. ”And most organisations don’t have any visibility into what happens to the data once it has been downloaded.”
Chaudry’s users are restricted from copying any data from the Trust’s systems onto their laptop.
“When we have given access to systems offsite, we’ve always had the practice of saying that a connection [to an application or data] would take place within our environment,” he explains. “You cannot download on to your laptop, and nor does laptop OS allow you to do all that much with the data – all data handling takes place in a session on our systems.”
The Trust also recommends users share documents in the form of a PDF, to which access can be user protected.
But Chaudry sees the cenrtalisation of computing resources stretch much further – and benefits going beyond security.
“When users are accessing applications from a central platform,” he said, “it makes it much easier to monitor their performance. That way I can see how long people are spending on email, for example, and find out which systems are slowing them down.”
And this move is something that Chaudry believes is already underway in government IT circles.