Monday, October 21, 2013

Will going paperless improve data security?

Natalie-Kym Vinnicombe
Business Development Manager
Egress Software Technologies Ltd.
Since as early as the 2nd century AD, paper has been used as the transport mechanism for information; but in today’s digital world, are the days of paper numbered?

The notion of ‘going paperless’ has hit the headlines through Health Secretary Jeremy Hunt’s ambitions for a ‘paperless NHS’ by 2018. This has got me thinking about the positives this approach could bring – although there are plenty of critics to his plans as well. Aside from the environmental benefits of going paperless (in the US and Canada alone, pulp mills are the third largest industrial polluter), there is a strong business case behind it.

What’s the value of going paperless?

When sending a document, there are several elements to consider:
  • Operational costs – such as the physical costs of paper, envelopes, printing, etc, as well as transport costs like stamps and couriers
  • Efficiency costs – how long will it take to get data from one place to another? Will this slow down operations and processes already in place? Would minimising this timescale make a business more efficient and therefore more profitable?
  • Security – once the data has left your control, you have minimal influence over whether it will reach the intended recipient in one piece and unread, or what the recipient will do with it in terms of sharing it with other people or losing it

Being an IT security company, this final element is where Egress’ main interests lie (although, obviously, we’re keen to improve efficiency and reduce costs for our customers as well). And when looking at paper as a way of sharing confidential data, there are many security concerns that can be raised.

What about data security?

The truth of the matter is, as soon as it’s in the post, there isn’t really any way of securing or controlling that data any longer, in addition to no visibility.

So, let’s take a closer look at this.

An admin assistant in Office A needs to send a sensitive document to a specific person at Office B. They either arrange a courier or send the package via post, and it is then delivered to Person B, who takes a read.

While this might seem like a simple scenario, there are endless possibilities that can put that data at risk, including:
  • Admin errors – the wrong address could have been supplied or it was accidentally written down incorrectly. Or the admin assistant could have spilt their morning coffee over it, and a letter intended for Newcastle-under-Lyme is suddenly heading towards Newcastle-upon-Tyne
  • Physical security – my first concern is: How safe is an envelope? Certainly not as safe as a padlock or AES256 bit encryption. You simply use opposable thumbs and – voila! – the document is open. Does it fill you with confidence to know even a monkey can manage that? (I know some clever clogs will be thinking monkeys can’t read, but…) Further, while sending documents via registered post increases physical security slightly, it is costly and inefficient to do so.
  • The recipient’s behaviour – so, accepting that everything thus far has gone well (the document has been delivered, unopened, to the recipient), what happens next? Well, the truth of the matter is, I don’t know – and neither will you! You have to hope that your local MP doesn’t dump it in a bin or it doesn’t fallout of a police vehicle. You have to hope that no-one leaves it on a train or in a caf√©, that it isn’t stolensold or sent on to everyone in the local area… The list is endless! 

Data loss and breaches can damage business reputation, as well as cause untold stress to the individuals involved. That being the case, my question is: How can you choose to share sensitive information by essentially crossing your fingers and relying on a bit of luck that it will not only reach the intended recipient, but that their behaviour isn’t going to land you with a fine from the Information Commissioner’s Office of up to £500K? It seems like a lot of responsibility to hand over to every third party you do business with on a daily basis, but this is how many organisations still behave. We may have developed the technological resources to support electronic communication, but many still live in a world of paper.

I don’t think we can be blamed for wanting to hold on to what we know – and we’ve relied on paper for almost 2,000 years! As a secret sci-fi geek, I was mortified by the fact that Captain Jean-Luc Picard read classic books on a mechanism that looked surprisingly like a Tablet device (although once someone buys you an eReader for Christmas, you finally realise it makes sense). However, the benefits of going paperless can’t be denied – with the appropriate mechanisms in place, not only will security be improved, but financial overheads will be reduced and efficiency increased. 

No comments:

Post a Comment