VIRTUALISATION, which can be used to divide data across multiple computers, offers opportunities for organisations such as banks, legal firms, Government departments and the health service to address some of the security concerns about sensitive personal data falling into the wrong hands.
Just as organisations, stung by public data leaks and losses due to poor corporate security, want to limit what workers can do, those same workers are demanding greater flexibility, including the options of home-working and of using a variety of mobile devices.
“Users don’t want to feel reined in or held back by technology,” says Niall Gilmore, enterprise business manager, Citrix Systems Ireland. But with yet another laptop filled with personal data going missing this week – in this case, unencrypted personal data on flu vaccine recipients held on a Health Service Executive machine – maybe it’s time that such organisations looked at moving to virtualisation, say Irish industry experts from Microsoft and Citrix.
Over the past year, a number of government and financial services incidents in which laptops were lost and stolen – and where personal information about customers and clients was unencrypted (left without the protection of being encoded) – have came to light.
Sloppy handling of personal data has been repeatedly criticised by the Office of the Data Protection Commissioner.
A spokesman recently said that he was amazed that organisations were still not using encryption routinely on laptops.
Virtualised systems could halt these problems by blocking users from viewing and downloading data they should not have in the first place and automatically encrypting it for those who are allowed to take such information home.
According to vendors, virtualisation allows for greater security because the actual hardware of a machine is locked down and users only have permission to function in self-contained virtual environments.
Because users can be assigned their own portable desktop that they can log into anywhere, their ability to hack into systems or accidentally cause security breaches is tightly controlled.
In addition, vendors point to the ability to control data, only allowing users access to what they are authorised to see; restricting the ability to download applications or data onto a portable device such as a laptop, and encrypting the data that is downloadable to keep it secure when it is carried out of the office.
Thus, even if a laptop were lost of stolen, the personal data stored on it would be out of reach to any but an authorised user.
But in some areas, increased security may be more aspirational than firm reality, given that industry pioneer VMWare just released patches for 16 vulnerabilities across a range of virtualisation products.
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/2a429887-bb72-4814-bd40-0cbf79fe8d51.png)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/VR3765MFOBH2NMV2QNICYDF67M.png)