How to tackle data security breaches: Barry Alston

Data security breaches like those that have recently affected the police in Northern Ireland and the Data Ancestry website are becoming more commonplace.

At current levels, 2023 is on course to be the biggest year on record for victim naming on so-called ‘name and shame’ sites. To prevent future issues, and understand why and how is this escalating, we need to take a step back here and take a holistic approach.

Data sovereignty as it is called has shifted over the past decade. Ofcom recently identified that 80 per cent of the UK cloud market sits with three hyper scalers from the USA. stating the market for cloud services in the UK was worth up to £7.5bn in 2022.

Hide Ad
Hide Ad

We have let UK data flow to the USA since the explosion of cloud services and the Competition and Markets Authority (CMA) has now initiated an investigation into all cloud service providers. Among the concerns raised by Ofcom are the expenses related to transferring data (egress fees) from cloud platforms as well as the tethering of customers to a specific cloud provider (discounts), which restricts the capacity to investigate various alternatives. Also being reviewed are the technical barriers to switching cloud providers.

I welcome this progress. As companies and IT departments, we too quickly farm out our data but we need to consider to whom are we handing over responsibilities and to some degree ownership of the data. And with that, we are also losing the skills to handle it.

Claritas Solutions only has UK-based data centres and none of our data or traffic is routed overseas. What I have seen is that as more UK-based organisations give away IT responsibilities to larger corporations overseas, the talent also follows.

The UK is now left with a shortage of skilled capable people to configure data and assess risks. As companies delegate IT tasks, along with it goes the technical skills and capabilities to deal with the data. This is having catastrophic consequences - those which we are seeing now in such forms as data breaches.

Hide Ad
Hide Ad

Cloud computing does bring with it many benefits like flexibility for accommodating business changes, speed to market with little or no capital investment, people or expertise needed, and ultimately has transformed the way we work.

However many don’t realise that the US cloud providers are subject to US legislation like the Patriot Act, giving foreign organisations access to your data overriding the sovereign states’ own regulations.

Using a cloud provider that is UK-based with locally skilled engineers on hand to provide the expertise you need, not only ensures your data remains in the UK, but that you are supporting the IT sector in retaining future essential skills within the UK.

So, don’t lose control of your data.

Be 100 per cent confident that you know where your data is and who is looking after it. And if we stop the flow of losing these skills, I’m in no doubt that we will see fewer data security breaches.

Hide Ad
Hide Ad

The other knock-on effect of this is that it keeps the IT skills in this country, creates jobs, increases employment and benefits our local economy.

Barry Alston is director of business development (public sector) at IT firm Claritas Solutions, based in Wetherby.