Who could forget that historic HMRC security breach in November 2007 which saw the bank details of 25 million people go missing? The surprising answer to that question is around 20% of companies, it would seem.

At the time, the Conservative Party told the BBC that the breach was “a catastrophic failure” and then Chancellor Alistair Darling admitted it was an “extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it in breach of its own guidelines”.

In June 2008 the Poynter Review into the shameful affair identified major institutional deficiencies and recommended a number of security principles to prevent any reoccurrence. Now a survey by Cyber Ark suggests that companies are still choosing to ignore some of these core recommendations, including 19% which continue to use external couriers to transfer sensitive data files.

The Poynter Review clearly recommended that transfers of digital data involving physical media should be phased out completely, yet this new survey shows this method is on the up rather than being phased out. In 2008 when questioned on this, 4% of respondents used the postal system to transfer large files, however that figure has now jumped to 11%.

It’s not all bad news though, as the survey also revealed that 82% of companies do have some system in place for the transferring data, and the use of email for this has declined from 35% in 2008 to 16% now. Unfortunately, 67% have moved to FTP for sensitive data transfer and 28% using web based services.

Mark Fullbrook, UK Director for Cyber-Ark, says “With FTP, and even encrypted FTP sessions, the problem arises after data has moved while it sits on the FTP or SFTP server in plain text. The nature of the beast means the service is directly connected to the internet leaving it open to violation, and as there is no audit trail, no record of who accessed the files. More alarmingly is those organisations that are using a web based offering – they may just as well stand on a street corner and give away their information as these services just weren’t designed with sensitive corporate data in mind”.

According to the latest research to hit my inbox, the security needs of the SME are becoming more sophisticated. I have to admit, I am not altogether convinced.

RSA, the Security Division of EMC, released the results of a survey conducted by the SANS Institute which was a sampling of data from the SANS Sixth Annual Log Management Survey Report and focused on small and mid-sized organisations with less than two thousand employees. It suggests that almost 80 percent of SMEs rank detection and prevention highest in criticality, and that the mid-sized enterprise best understands the importance of collecting and analysing log data. The fact that survey respondents reported logs are most useful when used for forensic analysis and correlation, then detection and prevention, both coming in higher than 90 percent, suggests mid-sized organisations are becoming more sophisticated in their security needs, RSA insists.

“This data suggests that organisations want and need the efficiency of a log management solution to move beyond compliance to security detection, reaction and prevention as well as to augment effective IT and network operations” says Jerry Shenk, Senior Analyst at SANS.

“This data suggests some people have too much time on their hands” says Davey Winder, opinionated security expert at IT Pro, continuing “I mean, who really wants to read a report based upon a log management survey?”

Seriously, security does not need to be sophisticated at any level, it seems to me. It just needs to be practical. And that means being appropriate to the business using it, and appropriate to the risks faced by that business. Common sense goes a long way even at enterprise level and in the rush to buy in ever more sophisticated security solutions that, I am afraid to say, often gets left behind. Yes, checking logs for potential security problems is a good thing, but when you start talking about the efficiency of log management solutions I start switching off…

A new index of average global broadband speeds makes for pretty depressing reading if you happen to be Ed Vaizey, the newly appointed Minister for Broadband in the coalition government. Hotfoot from listening to Her Madge The Queen bigging up support for the broadband nation at the state opening of Parliament earlier in the week, Vaizey will have been brought back down to Earth with a very real world bump as the Ookla Netindex places the UK at, erm, well, 33rd in the global broadband download speed charts.

To put that into some perspective, Europe as a whole can muster an average broadband speed of 10.03 Mbps according to the index but good old Britain manages a meagre 7.69 Mbps. So while we may expect to find ourselves behind the Gods of Broadband, South Korea on a massive average speed of 34.19 Mbps, ending up way behind the likes of Latvia (24.30 Mbps), The Aland Islands (18.80 Mbps), Romania (18.56 Mbps), Bulgaria (17.55 Mbps), Lithuania (16.70 Mbps), Andorra (16.24 Mbps) and even flipping Belgium (11.24 Mbps) for crying out loud.

Even if Ed Vaizey tried to shift the focus by looking at the upload speed charts instead, he would have found no reasons to be cheerful. In that list the UK sits at number 66 in the world with a truly poor 0.91 Mbps. Heck, even the Republic of Moldova can manage to find an average upload broadband speed of 7.17 Mbps although once again South Korea makes me wince with that 18.45 Mbps chart topping number.

Geoff Bennett, Director of Strategy at Infinera UK, reckons that “the roll out of superfast broadband in the UK continues to lag behind some of our key economic competitors in Europe, and the rest of the world” as these Nsetindex figures would tend to confirm. “We would urge Ed Vaizey to look at investment not just in the last mile but also in the core of the network” Bennett continues, concluding “There are new technologies that have been widely deployed elsewhere that increase the capacity of the network while reducing capital and operating costs and a leap forward to wide deployment of these technologies would be beneficial for education, health care, business, and consumers.” Technologies such as Photonic integration, for example, which has been deployed to good effect by operators in the UK such as Carphone Warehouse…

I’m sad to say that I’m way below average here in my country pad, with an average download speed of 3.5 Mbps and uploads maxing out at 0.75 Mbps.

How fast is your broadband? Now is the time to let us know if size really does matter…

So iPad pricing for the UK has been announced ahead of pre-orders being taken for the 28th May sale day, and somewhat predictably cries of ‘rip off Britain’ have rung out from much of the technology media. But are the prices really that out of step with the USA?

Well, let’s have a look at the facts rather than simply jerking of the knee. Here’s what an Apple iPad will cost in the UK:

The entry level WiFi only version is £429 for the 16GB version, £499 for the 32GB device and £599 for a 64GB iPad. Move to the other end of the scale with devices that add 3G to the mix and you are looking at £529 for the 16GB iPad, £599 for 32GB, and £699 for the range topping 64GB model.

All of those prices include VAT, and for me that’s the important part. So while a basic entry level iPad will cost you around £340 ($499) by the time you add VAT it starts to level out a bit at £399. On top of that you have to then factor in the cost of UK trading which, my international retail pals assure me accepted as being in the region of 7 percent. That brings the price up to £427 which is just a couple of quid difference, hardly a right royal rip off if you ask me.

Too many folk appear to have completely missed the ‘including VAT’ element of the pricing announcement, not to mention that US pricing does not include local sales taxes which have to be added, and instead have jumped to the usual conclusion that Apple is just ripping us off on this side of the pond, which is a shame.

So, am I going to be buying one? No.

Is the price putting me off? Yes.

But that’s just because I can’t justify spending £700, plus another data plan, for a bigger version of the iPhone that I’m already quite happy with. OK, I appreciate that the iPad is actually a lot more than that, but you can see where I am coming from. When my iPhone data plan contract has expired, and Apple has released the second generation iPad devices with the bugs ironed out and additional functionality built in, I’ll be in the queue with my wallet open faster than an MP filling in an expenses claim.

There’s a joke going around technology media circles at the moment: a Microsoft employee dropped a Kin prototype phone in a Californian bar, nobody noticed. It has a certain resonance, not least because Microsoft would quite likely happily kill for the sort of publicity being generated for Apple by the iPhone 4G dropped in a bar story currently on every newswire but which started over at Gizmodo.

While Apple has now apparently asked tech site Gizmodo, which supposedly purchased the prototype iPhone 4G from an individual who ‘found’ it in a bar, to give it’s phone back. Of course, Gizmodo is likely to be more than happy to oblige no matter how much it paid for the phone. Even if it paid $10,000 which is at the upper end of the guessing game scale (most sources suggest $5000 is nearer the mark) the site will have seen a huge return on investment in terms of the on-site advertising revenue on those pages breaking the news but also the longer term impact of the reputational kudos. The only spoiler has been some lingering doubt, much of it spread by other sites which one has to assume are jealous at not getting the thing themselves, over the provenance on the device. Some are claiming it is just another fake, one more hoax in the long history of iPhone development misdirection. If Apple want it back, and according to Apple general counsel Bruce Sewell it most certainly does, then it must be the real thing, no?

Meanwhile, Microsoft can only dream of the kind of media hysteria that has been unleashed over the last week as a result of that dropped prototype. The best it has managed so far, in relation to the badly named Kin phone (as in who would want that Kin Microsoft phone, speak it out loud for the full effect) has been some rather lame controversy concerning a promotional video showing some bloke taking photos of his man-boobs to share with the world. It encourages sexting, cry the usual suspects, and if it were a woman doing the up-blouse videoing then everyone would be up in arms about it. Of course, it wasn’t a woman, so nobody really cares that much. A bit like the Kin itself. No joke.

Just how much does the average Brit hate Europe? Ask them about data security in the cloud and you’ll find out.

Size does matter, and the bigger it gets the harder it becomes to remember where you put it. I’m talking about data storage and the data stored within it, in case you wondered. The findings of a poll published by the Business Software Alliance (BSA) on its third European Cyber Security Awareness Day in Brussels reveal that the majority of European citizens not only don’t know where their online data is being stored but they are less than certain whose job it is to protect that data, wherever it may be.

I kind of know the feeling. I have plenty of network attached storage, so much that only a few years ago I would have had to have been Bill Gates to afford it. I even have my own personal cloud thing going on courtesy of the rather nifty Pogoplug which I like to think of as my little bit of pink Linux data fluffiness. However, the fact that I have huge amounts of data stuffed onto huge amounts of storage doesn’t mean I know where it is. Indeed, if it were not for some seriously smart local search software I’d never remember exactly where I put anything, especially if I had put it there a few years ago. Documents are not a problem, I know where they are as I keep a copy of everything I write on a heavily encrypted USB stick which I carry with me at all times, with a further encrypted back up stick stored away for good measure.

Luckily, I also know where the buck stops when it comes to securing all the data: that would be with me. I run my own business, it’s my responsibility to look after the data it generates and do so in a secure fashion. But what about data generated about you by someone else, and stored ‘in the cloud’ as everyone, including my elderly mother, likes to say these days? back to that BSA survey, and 60 percent of those asked didn’t actually know what ‘in the cloud’ means, including my mother had she been asked, funnily enough. What’s more, 1 in 5 were unaware if their personal data was being held there or not.

What two thirds did know, or at least agree upon,was that responsibility for securing data held ‘in the cloud’ lay outside the businesses that actually use the data. Most agreed that there was a need for some kind of international handling of cyber security rather than an individual national approach to the problem. Spain on 77 percent and Poland on 74 percent were most enthusiastic about an international approach to data security, with most other Europeans being broadly in agreement with the concept. Apart, that is, from us Brits. Despite recent calls by the House of Lords for just such greater involvement by the EU and increased cooperation with NATO on matters of cyber security, only 46 percent of us increasingly isolated islanders thought it was a good approach.

The BSA is preparing a global cyber security policy framework to guide this notion of international cooperation to secure the online environment, and its senior director of government relations, Francisco Mingorance, insists “most Europeans are looking for global leadership and collaboration to protect their personal information from hackers and cyber criminals”. I guess that most Brits just don’t consider themselves to be European, at least when it comes to online data security matters. Either that or the BSA just happened to be questioning a bunch of UKIP supporters.

What are you doing to plug potential data leaks? New research suggests that it might not be enough, if you are an average IT manager.

Call it what you like, Data Loss Prevention or Data Leak Prevention technology, but there seems to be no ignoring DLP these days. Of course, some might argue that DLP is nothing new but rather just a marketing exercise in repackaging existing technologies in order to shift them as some new ‘magic bullet’ security solution. Last year a survey by IDC revealed that 92 percent of the enterprises asked had either already got a DLP model in place or were planning on implementing one before the end of this year. The introduction of punishing new powers for the Information Commissioners Office regarding data loss, with fines of up to £500,000 for those found to be neglectful in the light of a data breach, only helps to focus attention on DLP.

All of which is good news, surely? Well, you might think so but a new independent survey by Vanson Bourne of 200 IT decision makers into the real world penetration of DLP suggests otherwise. It reveals that 38 percent of respondents are failing to actually deploy DLP solutions in the form of device control, endpoint DLP or DLP appliances. When attention turned to the small and medium business sector the numbers plummeted further, with some 54 percent failing to act.

Digging into the detail reveals further dodgy data actions, such as despite the use of personal smartphones within the business environment only 48 percent of those who had deployed a DLP solution had actually bothered to control data synchronisations between employees’ computers and those smartphones. What’s more, only 26 percent were controlling printed document data even though a recent Ponemon Institute study suggested this was one of the most popular channels for stealing corporate data.

When it comes to action being taken to prevent data leakage, 77 percent reckoned that they monitor webmail and social networking activity of employees, and only 8 percent thought that privacy concerns should be an obstacle to enforcing security.

“The fact that many organisations are still failing to adequately address data leakage prevention is concerning. However, the increasing integration of endpoint content filtering and device control technologies, as well as the growing popularity of complete content-aware endpoint DLP solutions should help to address this” said Sacha Chahrvin, UK Managing Director, DeviceLock who continued “IT departments are becoming acutely aware of the need to keep costs arising from highly resource intensive processes – such as security compliance auditing, incident investigations, and forensic analysis to a minimum. Affordability and ease-of-use clearly remain significant barriers of entry for those responsible for protecting organisations’ data especially amongst small to medium sized businesses”.

The answer is, as from the start of this week, a bloody big YES. Although according to a survey by Cyber-Ark some 65 percent of people are ignorant to the fact, the Information Commissioner’s Office has been granted new powers which came into effect on April 6th and these allow for fines of up to £500,000 if a business has insufficient security in place and this leads to a ‘deliberate or negligent’ breach of personal data.

The study of some 500 city workers uncovered an amazing level of ignorance amongst employees regarding the fines and the Data Protection Act rules which could lead to them. The fact that 65 percent said nothing had ever been mentioned to them could leave directors up to their neck in the smelly stuff in the event of a breach. The ICO reckons that it will certainly consider whether a breached organisation has taken ‘reasonable steps’ to prevent it from occurring.

Interestingly, some 71 percent of respondents reckoned that after they had been made aware of the financial implications to their employers they would be more careful when it comes to data handling. So maybe if you haven’t done so already you should be getting a memo out to all staff ASAP.

Especially if, as was the case with 64 percent of those asked, your employees carry customer data around with them on mobile devices. 38 percent of them admitting that data is protected by sweet FA, and only 50 percent have even a password, with just a measly 12 percent using encryption of any kind.

Adam Bosnian, vice president of products and strategy for Cyber-Ark Software commented says “people increasingly understand the need to protect their data, but for some reason it’s not always top of the CISO’s priority list – and it should be. We have been blown away by these findings especially to discover that, with a £500,000 fine hanging over UK directors as of the 6th April, workers are walking about with unprotected customer records. Education is one piece of the puzzle in making sure that those people who do have access to privileged data are responsible with it and recognise the vital role they play in an organisation’s compliance obligations. Organisations also need to control privileged users and accounts to protect sensitive information, such as customer data, from navigating its way into the wrong hands”.

You might think that, given the sheer number of business applications available for the iPhone, the answer is a resounding yes. However, it does rather depend, of course on how you approach the question in the first place. If you enter the question arena from the door marked security then things take on an altogether different light. I have lost count of the number of security consultants who have been warning that one of the biggest dangers facing the average enterprise in terms of data loss and security impact potential is that posed by the rise of the smartphone.

Take the recent survey conducted by endpoint data leak prevention outfit DeviceLock, which took over seven months to compile. It asked whether more than a 1000 businesses had taken any steps to secure themselves against the security threat of iPhone usage. Less than 40 percent could confirm that they had, with an alarming number of people admitting that any iPhone threat is treated most definitely as a back burner security issue right now. In Western Europe and North America things were even worse, with 75 percent currently ignoring the iPhone security threat. Compare and contrast with Eastern Europe, Middle East and Asia Pacific businesses where close to 60 percent had taken action already.

“While this website-administered poll has inherent limitations, the results do suggest that the iPhone threat to data security is being generally underestimated” said Ashot Oganesyan, DeviceLock CTO and Founder, who concludes “the variation in how the well-developed IT markets of the West view the iPhone threat versus the emerging IT markets of the East may be because Enterprise IT planners in the West are relying on the already-entrenched vendors, such as RIM and Microsoft, to ‘have their backs’ and not introduce such a device without the necessary security hooks in place for device-related policy enforcement and encryption”.

Whatever, history shows us that the most effective enterprise strategy for dealing with any mobile media is simply to establish clear policies with regard to these new devices and enforce those policies using whatever tools are available to them. It ain’t rocket science, but without it I fear that the continuing use of iPhones (and other smartphone devices) within the enterprise could quickly see iPhone security become a stellar security problem.

Could tomorrow’s Budget be the most broadband friendly in history? The odds are looking good for some pre-Election bribery in the form of Super-Fast Broadband for All it would seem. Gordon Brown has already announced plans for every citizen to get a government services web page of their very own, accessed by super-fast broadband which the PM refers to as the electricity of the digital age.

Of course, there’s the small matter of how you pay for all of this. Which is where the Budget on Wednesday comes in. It looks likely that there will be an element of taxation in the form of a land line levy of around £6 for every land line, which is already being referred to as the broadband tax. It’s also expected that the Chancellor of the Exchequer, Alistair ‘eyebrows’ Darling, will announce that savings of billions made by closing down existing government offices will contribute to the funding purse, along with the creation of some 250,000 new jobs over the next 10 years as a result of the speedy web access.

But how do the main political parties in England view the Digital Britain road map, and how their plans to deliver that digital economy vary? Thinkbroadband has been analysing the different approaches and come up with the following:

Labour

A ‘Universal Service Commitment’ of 2Mbps by 2012 to virtually everyone in UK funded by surplus money from the Digital Switchover fund.

Next Generation Broadband available to 90 percent of UK by 2017 funded by 50p +VAT per month levy on fixed phone lines which is expected to raise £1bn over seven years. This will fund next gen broadband to the final third where the market is unlikely to deliver a service without some intervention.

In his speech, Gordon Brown said that proposals for online delivery of government services “depend on reaching 100 per cent” coverage of next generation broadband and that by 2020 he expects “to make Britain the leading superfast broadband digital power creating 100 per cent access to every home”.

Conservative

Supports the 2 Mbps universal access by 2012 funded by surplus from that Digital Switchover fund.

Next Generation Broadband of 100Mbps to majority of homes by 2017 funded possibly by using a proportion of BBC license fee at any point beyond 2012. Funds would be used as loans or on a matched funding basis.

Thinks that BT should open up access to underground ducts and overground telegraph poles so competitors can lay their own fibre like they do in France and Singapore for example.

Wants a change to the rating system for fibre networks to remove all current disadvantages suffered by new operators.

Believes intervention may be necessary in due course for next-generation broadband, but market should be given a chance first.

Liberal Democrats

Supportive of government USC plans for 2Mbps by 2012 funded by digital switch over surplus, essential to have a minimum standard of service but 2Mbps is an unambitious target.

Thinks universal service funding should be combined with a project for rollout of next generation broadband, so those who can’t get broadband would get next generation broadband sooner.

Thinks that mobile broadband could have a role to play in hard-to-reach areas. Effective use of spectrum is important.

Would like to see vast majority of the country being able to access 40Mbps+ by 2017.

Wants immediate intervention to target areas unlikely to be reached by next generation broadband by the market, the final third. Would adopt an outside in approach (start funding the most rural of areas first) but admits “it won’t be possible for absolutely everyone to receive next generation access” immediately.

Opposes the Conservative policy to top-slice the BBC license fee.

Supports 50p/month levy “if applied properly and with exemptions for the least well off”

Welcomes BT decision to open up ducts.

Sees a need to encourage more services that make use of high speed broadband, including national and local government services, to drive demand.

Thinkbroadband, however, believes therefore that the key question will be what percentage of homes and businesses will have access to 100Mbps by 2017? The challenging target will be in the 80-100 per cent range. “The main political parties all accept the importance of securing a strong digital future with super-fast broadband, but each has made vague promises, leaving out some crucial factors that would allow us to hold them to account if they form part of the next government” says Sebastien Lahtinen, co-founder of Thinkbroadband, concluding “we see some differences in the plans for how next generation broadband will be funded, in particular the level and timing of government intervention, but we don’t have clarity from any party on both the question of what ‘next generation’ broadband means in terms of speeds, and how universal will access to this high speed broadband be? In other words, will they guarantee that every single household will get it?”