Monday 17 November 2008

A Safer World

I was at the third Global Security Challenge event at the London Business School on Thursday. This is a well-organized conference that has grown from small beginnings and is a huge credit to the LBS students that organize and run it. They have secured fantastic business sponsors and some extremely high-caliber speakers for a competition to showcase the latest innovation in security in its widest sense, from new-generation lie detectors, to sensors, tracking systems and new encryption technologies.

I was particularly impressed with the presentation from Chris Darby, President and CEO of InQtel. In a talk presenting huge accumulated wisdom of great value to the budding LBS entrepreneurs in the audience, he summed up the security proposition neatly as “We all just want a safer world for our children”.

And so we do. Yet so much of day-to-day IT security is about coping with the minutiae of small breaches and subsequent irritations. The following evening I met up with Alf – a lifelong friend and small-businessman in Oxford, UK who has managed to keep his own business running on a shoestring for fifteen years. His week was made miserable when he was unable to book the transportation needed to meet his delivery commitments. It turned out his company credit card had been cloned and abused, creating the sort of short-term problems that can kill companies in times like these.

The question we pondered was “who knew about this?” Alf still doesn’t know how his card data was stolen, but could he have been informed before? I was disappointed to hear the UK Information Commissioner, Richard Thomas, supporting the Government’s view that US-style data breach disclosure legislation “would be a significant additional burden for businesses, and could cause public 'breach fatigue'". Well, from where Alf sits, the burden on his small business came from a data breach, and the thought that there might be another company out there that knew it might have lost his data but kept quiet about it is an infuriating one.

Protecting and validating identity was a big issue for global security and a business-threatening issue for Alf and other such hard-pressed businessmen. The idea that a European firm could lose data and not have to tell those affected still bewilders me. Are we really creating a safer world for our children when we allow those whose data security has failed to sweep this embarrassing fact under the carpet?

Paul Davie