Enterprises are under increasing pressure to safeguard the privacy and security of personal data, but the complexity of the task is making it difficult to meet higher expectations, a Hewlett-Packard (HP) project manager said Tuesday.
The pressure is coming from consumers and governments, who want greater control over how data is retained and managed, said Pete Bramhall, project manager at HP's lab in Bristol, England. Internally, enterprises are grappling with the cost and complexity in dealing with distributed networks.
Soon, Bramhall predicts, many enterprises will be at a "tipping point," in terms of using new means to protect data.
"At the moment the privacy officer and the CIO are still trying to figure out how to have the right dialogue on the use of technology for privacy," Bramhall said. "It is at the early stages, but that's starting to change."
The Trusted Systems Laboratory is a section within HP's lab that concentrates on privacy and identity issues. Researchers are focusing on two areas: enforcement of privacy rules and monitoring the secure delivery of data, Bramhall said.
The data can range from financial details related to e-commerce, policy rules for access to company computers or personal data such as Social Security numbers or addresses.
Since employees are lax about reading company manuals, Bramhall said, the idea is that automated software can prevent human errors in data handling.
"People are unpredictable," Bramhall said. "The objective is to try and remove people if you can."
Laws that require organizations to show compliance are the catalyst for new software investments, Bramhall said. Data breaches also seriously damage a company's reputation, a further incentive, he said.
"The amount of investment in this really depends on what would be the pain of getting it wrong," Bramhall said. "More and more legislation is coming worldwide that increases the pain of getting it wrong."
Later this year, HP will release new access management software that will be part of its HP Select suite of ID management products, Bramhall said, without discussing further details.
HP is refining a tool it uses as part of its Websource Service, Bramhall said. Websource can analyze a company's site and look for possible legal problems in data handling and privacy rules, he said.
For example, if a company has a Web site that sells a product delivered electronically, a tool in Websource can recognize that customers don't need to fill out their name and address, Bramhall said. It eliminates the collection of unneeded data that could pose a risk in the future if not handled properly.
HP is looking to build the tool into a larger service that can perform overall evaluations of data storage and handling, Bramhall said. The technology is in an early stage, however, as privacy management is a developing area, he said.
HP also envisions what it terms a "personal data lifecycle management" system capable of recognizing data-management pitfalls. Bramhall cited an example of data that has been deleted but gets reloaded onto a database from backup tapes after a system crash.
In practice, the software or service would spot the fault, he said.