Government should take a stronger role in data regulation and compliance

Findings from a survey at the recent Trusted Computing Seminar in London, showing that 88% of top businesses and organisations attending back UK Government plans to lead the fight against the growing threat of data crime lead, with a focus on data regulation and compliance.

The seminar brought together leading figures from business and Government with some of the world’s preeminent information security experts. It offered an opportunity for IT professionals to discuss the rapidly growing threats to networks, future policies and the expanding role of hardware embedded security built on Trusted Computing Group (TCG) open industry standards.

The survey further shows that 69% of respondents admit that they do not feel that their network is adequately protected by their current security framework. The seminar was attended by a range of leading companies and organisations.

Around half the organisations attending said they were actively deploying solutions based on Trusted Computing standards and of those that did not, 86% stated that they would be exploring the deployment of Trusted Computing solutions within the next 12 months.

The global security environment is entering a new and dangerous period. We are facing a perfect storm with an exploding number of Internet devices that need to be secured, a failure of compliance and reporting models, and over-complex, increasingly expensive network security based on fragile software layers.

Against this, we have the threat from well-funded and professional cyber-criminals intent on gaining both immediate financial gains and longer-term benefit from IP theft. It has taken us almost 15 years to admit to the truth, but it is clear that layered security is not the solution. It does not provide adequate protection. It offers only partial compliance and uncertain defence.

I believe that organisations should seriously consider adding device identity as an independently managed layer to help protect their data. This device-based security solution offers a higher level of protection and should play a central role as organisations move to cloud computing.

Trusted Computing is embedded in the ‘known device’. True security starts when organisations accept and activate the Trusted Computing Module (TPM) in their PCs and laptops. It is by far the most advanced way to secure, identify and trust devices.

When organisations combine TPM with Self Encrypting Drives (SED) and manage these with Trusted Computing-standard, network management software, they are assured of the best-in-class defence, together with a framework that delivers best compliance and reporting policies.

To protect against today’s advanced threats, it is critical to have a strong foundation of trust in all endpoint devices. That starts by knowing that the PC has not been changed by a third party—and is free of malware in the BIOS—and extends to verifying the identity of the device.

The beauty of Trusted Computing is that it delivers a triple whammy. With TPM and SED, it reduces costs by up to two-thirds over the lifetime of devices while ensuring that full compliance and reporting are assured.

The Trusted Computing open standards already have the support of the UK and US governments while the Information Commissioners Office and the Cabinet Office are actively promoting the benefits of Trusted Computing. The UK Government’s Cyber Security Strategy will also be launched shortly and Trusted Computing is expected to form a key element of this.

Joseph Souren leads Wave’s operations in EMEA, where he is responsible for developing the company’s sales, marketing and channel strategy in that region. With nearly 20 years of experience, Joseph has a strong track record for managing sales, marketing, channel and geo operations. He has held management positions at high-growth, NASDAQ 100 companies, including SanDisk, McAfee, and CA Technologies. Most recently, he served as VP of CA Technologies’ Internet Security Business Unit. Joseph has worked with the European Network and Information Security Agency, GovCert, the Platform for Information Security and the International Systems Security Association. He holds a Master’s degree in Business Administration and degrees in Commercial Economics and Marketing Management, which he completed after attending the Royal Military School.