Data Protection By: Dr Salah A. Rustum President CIEL & IT & Internet Association From Software to Safeware IT security has become a subject of much attention in the last couple of years. The Information Age requires methods for encryption and secure authentication in order to ensure confidential & legally binding communications. This Issue particularly concerns the areas of Mobile/desk top Security, Network Security, E-commerce Security and Infrastructure Security. Key Problems In the course of Globalization, the Internet gained more space and it became inevitable that the data processed along the route of e-communications regardless of its venue became more demanding for additional security. Security that would provide TRUST to trading partners as well as to legal houses; and to the User himself/herself being the Consumer. The fast flow of information must be guaranteed in today’s business world whether between individual business units at different locations, or between the head office – branches or alliance companies, or simply between different offices of the same enterprise. A smooth flow of communications and operations is ensured by having company owned data processing-net-works. Several users can simultaneously access common files. Now within these networks, comprehensive data protection can not be guaranteed if individual employees have global or overriding access rights. However, in the sensitive areas of the company, such as the management, in the audit department or in research & development – confidentiality and security of data has the highest priority. After all, the business plans and the development plans or the human resources and salary data should never get into the wrong hands! Confidential data and information is particularly vulnerable to attacks when it is transferred over public net works. Lines can be tapped and message switches or exchanges can be manipulated. 1 Haunting Dangers As you very well know, the Internet as such is preferably used due to cost reasons but is particularly insecured being an open platform for all types of communications. Simply like post cards in regular snail mail – Meaning that the information sent over the Internet can be read by any one, and hence is considered insecured. To this effect, access systems & firewalls are used in several companies and or organizations to prevent unauthorized access to the own network. Modern technologies provide access protection without restricting access possibilities for information in local networks. According to a study carried out by Ernst & Young, the employees of a company are far more than competitors – are amongst the main attackers on confidential data. Furthermore, in the flow of the trend towards outsourcing, several companies in both Europe & the United States & Canada contract the administration of their data processing to external service providers. In other words – Confidential information in networks must therefore be protected effectively from unauthorized access – From outside and within the organization and not to under estimate our open network the Internet where electronically signed and encrypted mail is urged to be used. Network Security Access protection is generally implemented at person-level, and the identity of the operating user is established without doubt – thus authorized personnel of certain departments or branches access the resources related to their department or branch, but they are not permitted to access resources of other departments or branches. In fact administrators and maintenance technicians can ensure continued care and maintenance of the data processing infrastructures in the sense that they have authorized physical access to all the company’s files in totality, without being able to decrypt the data is present in them. New Technologies In the course of globalization, rapid exchange of information has quickly gained importance. A smooth and secure flow of information between trading partners must be secured and guaranteed at all times The introduction of the Digital Certificate referred to as the Electronic Signature has well developed the site as such and boosted the e-mail, e-commerce, Internet and on line banking. Coupled with that is the transmission of legal documents, financial 2 statements and other equally confidential material such as diplomatic mail, medical reports and patent registry of new products & inventions. The Electronic Digital Signature is the spine of electronic commerce and what ever may derive from such transactions – whether it is the payment of bills and or securing the identity of the user – or both! Not to mention your right to affect on line application to connect your electrical current, apply for a mobile phone, or receive your bank statements. Many other services should become available as well: The transmission of financial statements to the competent Authorities Receipt of certificates of origin from Chambers of Commerce, and Last but not the least the provision of documents to the Registry of Commerce. All those shall leave you with more productive working time cost effectively. CIEL is the Registration/Partner Authority of GlobalSign for Lebanon, the MENA Region including the Kingdom of Saudi Arabia & the Arab Gulf States. With its accredited highly trained staff, CIEL is raising awareness at all levels and under different roofs such as the UN/ESCWA – UNDP / United Nations Development Program, The respective Chambers of Commerce, Industry Agriculture and last but surely not the least, the various Governmental Departments and Institutions Furthermore, I wish to point out that legislative work in Lebanon has been carried out, and it is my pleasure to announce that the Draft Law of the proposed Electronic Digital Signature has been submitted to the Lebanese Parliament to be put on the Agenda of the General Session for adoption. In fact, should we go for the Electronic Signature to secure our Electronic Communications regardless of its venue, we would most certainly reduce our overheads by a good 20-25%. This fact directly reduces our high cost of living and relates immediately to the consumer. Aren’t we all, the Consumer in one way or the other? Beirut, SEP 21/2013 All Rights Reserved 3