Case Study: Protecting sensitive information in transit
Encrypted USB devices from MXI Security
For the City of London Police, information leakage isn’t just business critical, it is a matter of life or death. Loss of life could be the ultimate price to pay should sensitive data being transported by police officers be mislaid. That’s why the City of London Police has taken industry-leading steps to make sure that an electronic data breach remains unlikely.
The City of London Police is also involved in implementing the Home Office IMPACT program, designed to improve the ability of the UK police service to manage and share information between police forces to prevent crime and provide safer communities.
Protecting its electronic borders
Defining best practice in this field has also required the City of London Police to develop a model IT governance policy in order to protect information within and from outside its own network. Over the last five years, the force has taken sweeping measures to protect its electronic borders and defend the integrity of its information. In addition to a comprehensive and rigorous IT security policy, all potential points for electronic data leakage have been systematically identified and secured.
As well as safeguards against unauthorized electronic transmission of data, the City of London Police has taken steps to prevent “thumbsucking” – the unauthorised copying of data on to portable storage devices. To achieve this it has locked down USB computer ports on all computers – and not with superglue.
However, the force also recognized that a complete system lockdown would be counterproductive, as officers and administrative staff still need to physically move data around during investigations and operations, and when interchanging intelligence with other forces, such as the neighbouring Metropolitan Police. Therefore, the City of London Police has established and implemented secure procedures for anyone who wants to bring in or take out digital information – issuing secure, personal portable storage devices to authorised officers and civilians.
The threat of electronic data leakage came to the forefront when the City of London Police upgraded to a Windows 2000 Professional-based network in 2005. Beforehand, the unauthorized copying of data was less of an issue since USB ports were simply not recognized by the earlier Windows NT 4.0 operating system, and all USB devices were disabled at system BIOS level. However, in planning the upgrade, Gary Brailsford-Hart, the City of London Police Head of Information Management, was well aware of the new challenges he would face.
After evaluating various options, Brailsford-Hart chose to secure all USB ports with DeviceLock, a sophisticated solution that not only controls device-level access but also logs information copied to and from permitted USB devices and drives.