Comment: MoD data breach - was the data really secure?
September 2023 by Mark Semenenko, Director Solutions Architecture at Immuta
In a year where public sector bodies in the UK have consistently been victims of data breaches, the recent Ministry of Defence data breach is not a huge shock. With it being discovered that the data was leaked as a result of a third party supplier being attacked, it raises questions regarding the data access management protocols and were they properly in place? The comment from Mark Semenenko, Director Solutions Architecture at Immuta about the need for ABAC (attribute-based access control) which enables purpose-based access to data to limit the risk of human error data breaches.
Data protection is of the highest priority for all organisations. Data needs to be adequately protected and handled with care and attention. It requires anticipating the potential impact of data processing activities, providing the right access at the right time and controlling usage in real time. This is crucial to ensure compliance and adhering to a growing number of regulations.
"When a data breach occurs, such as the most recent case with the UK Ministry of Defence, it typically causes a knee-jerk reaction and prompts the impacted organisation to heavily restrict the data they share externally and internally. This has huge hidden opportunity costs and debilitates decision making. A more successful strategy is based on the organisation’s approach to access controls when sharing data with third parties. By employing fine-grained automated access controls with usage detection, the organisation can still benefit from sharing data but with the confidence that access controls remain accurate, sensitive data is protected and data is only used correctly." - Mark Semenenko, Director Solutions Architecture at Immuta.