Friday, 16 January 2009

Finally Data Security matters enough to be National Policy

In the US this week, two seemingly unrelated news items point to the increasing importance of data security as a matter of national policy. The first is President-elect Obama’s choice for a Chief Technology Officer, and the second is the Pentagon’s move into cloud computing.

The Chief Technology Officer is a new role in the US government, and the job is getting a lot of press. It is still unclear whether US CTO will have policy setting ability and will oversee cyber-security, as rumors abound of an additional “Cyber-Security Tsar” in the White House. Having a CTO who cannot set policy and oversee national data protection would be devastatingly shortsighted.

The Pentagon’s move into cloud computing comes after the organization made a widely publicized move to ban all USB and portable storage devices. After making an historic attempt to protect is data, the Pentagon could now be placing its data at risk “in the cloud.”

Cloud computing is not secure by nature. Without additional protection from internal and external threats, the cloud environment could be very susceptible to breaches. This is because the environment is many times a “one-stop shop” for every piece of confidential organizational data.

What the CTO and Pentagon – and every organization for that matter, need to do is approach any initiative involving digital data with security as a first priority. The past year shows us the mistake of security as a last check-box item or an afterthought.