SECURITY
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
7 IT-<strong>SECURITY</strong><br />
Dataprotection<br />
Networks belonging to companies and public<br />
authorities include numerous weak points, for<br />
example: internet connections, VPN (Virtual Private<br />
Network) connections to branches using<br />
public networks and now more and more remote<br />
access solutions over which mobile users<br />
or home office staff can access internal systems.<br />
IT security systems need to be applied to these<br />
critical points so that they are not vulnerable.<br />
In large networks a high level of protection is<br />
only achieved by central management of security<br />
systems. So today central management of<br />
firewalls, VPN and mobile security solutions is<br />
more important than ever. The flood of information<br />
about possible security solutions for a<br />
company’s IT area is not easy to evaluate to<br />
find suitable solutions to every problem.<br />
IT security with legal and<br />
acceptance problems?<br />
How essential IT security is implemented is<br />
still on trial, and faced with the facts on global<br />
espionage by secret services and other states,<br />
seems to need reorganising. At the moment<br />
experts see the IT and communications market<br />
generally as difficult.<br />
The customer wants security for his data –<br />
that refers to private data just as much as<br />
pubic and commercial fields. Legitimisation<br />
of data disclosure can only be a side issue.<br />
Particularly so-called ‘legitimate surveillance’<br />
hovers like a Damocles sword over the restrained<br />
and legally deployed IT security. How fast<br />
product safety labels can become obsolete.<br />
And it’s all the clearer how important it is to<br />
protect these infrastructures. The question remains<br />
as to who it is that public legal institutions<br />
need to protect themselves against. And<br />
is court-order supported surveillance and the<br />
resulting co-operation with the ISP (Internet<br />
Service Provider) the telecommunications operator<br />
or the network provider really the only<br />
way to monitor the data belonging to criminals?<br />
Because can this kind of well documented, legally-based,<br />
clearly monitorable process not<br />
also be circumvented? It is all the more important<br />
to consider at what level data security<br />
has to be implemented and what duties of<br />
care data centre operators will have to comply<br />
with. [ML]<br />
56<br />
EURO <strong>SECURITY</strong> Critical Infrastructure II/14