Whether they’re held by public service or private enterprise, these bulk data stores make very tempting targets for attackers of all kinds. So it’s essential to ensure they’re adequately protected.
The fifteen good practice measures outlined below provide a set of indicators against which the security of your holdings can be objectively appraised. They enable you to make a basic security assessment of any personal data stores held by your service.
This is not a definitive set of measures. The list will necessarily change over time, as the attacks and techniques used by adversaries change. So you should not see them as an alternative to a risk management strategy designed to protect your bulk personal data.
For these measures to be meaningful, they must be applied to a service or system as it exists today, not by referral to the original design intent of the service. For that purpose an audit should be carried out of the data holdings which your service is harbouring before measurement takes place.
Structure of this guidance
The measures have been broken into three groups:
- WHAT– You should know what you are protecting and the risks you’ve already taken
- WHO– You need to know that only those with a real need, have access to your data
- HOW– Poor design, implementation or operations can result in data loss
Each of the 15 good practice measures is split into three sub-sections:
- The first describes an ideal situation.
- The second expands on the thinking behind this.
- The third gives you a traffic-light system against which to judge your actual holdings.
Prioritisation of the measures
Though there are fifteen measures described above as basic protections for bulk personal data, they can be prioritised.
These are the most critical for knowing what data you have and preventing its loss:
- 1 – knowing what data you hold and why
- 8 – not exposing vulnerable interfaces externally
- 14 – prevent spear-phishing emails targeting an administrator from resulting in total compromise of the data
For ensuring attacks would be detected and managed, the most critical measures are:
In some scenarios, the use of encryption to protect bulk data should be the norm. For example, where data is transmitted over the internet, stored on a laptop, or stored on removable media.
However, encryption relies on good key management, and in some scenarios it is challenging to engineer a solution which makes meaningful use of encryption to protect data.
This is sometimes the case in systems which are always online, where data needs to be available to query. In these scenarios your systems architects and designers will need to think carefully about how encryption can be used in a meaningful way.
Further advice on secure design
We have published a set of security design principles to inform technical architects and developers building systems and services that need to protect important data.