Could hosted desktops have averted the risk to 43,000 Wigan school children?

The mainstream media are quick to jump on any breaches of security involving cloud computing, and rightly so as security of personal and financial information should be of paramount importance to any organisation. However, you are always left with the impression at the end of such stories that the more traditional way on storing the data, i.e. in-house servers and computers would have been more secure.

But the worrying tale from Wigan about the loss of a laptop containing the details of 43,000 local school children highlights circumstances in which a cloud computing and hosted desktop solution would have avoided this situation.

The Information Commissioner's Office (ICO) has found that Wigan Council breached data protection law by allowing unencrypted data on school children to be downloaded to a laptop that was subsequently stolen from a locked cupboard.

Humiliatingly, Joyce Redfearn, the CEO of Wigan Council, has had to sign an undertaking stating that the council will encrypt data on portable devices in future.

IT professionals will also be worried that so much personal data about children could be downloaded on mass by a council employee.

In fact, the head of enforcement at the ICO, Sally-Anne Poole did comment, "I strongly advise organisations to avoid instances where employees can download large volumes of personal information."

Sally-Anne Poole continued, "This incident could have been averted if the data was simply accessed from the main council computer network. Storing large volumes of personal information on portable devices is unnecessarily risky."

However, presumably the employee was in a position where they felt they would have need to access all the information while using the laptop and so downloaded so much sensitive information. Of course, if the information had been securely accessible to users from any remote location there would have been no need to allow this massive or any other partial download of such a sensitive database to any computer, let alone a device as vulnerable as a laptop.

The fact that the laptop was stolen from a locked cupboard also highlights the fact that data stored on a business' premises is a lot more vulnerable to theft (and fire) than data stored in the highly secure UK data centres where servers used in cloud computing are situated.

Obviously here at GoCloud we would see this as an ideal situation for the use of a remotely hosted desktop solution so that the personal information would not have had to be downloaded to a laptop and yet the remotely hosted desktop would still enable the employee to securely access the information from a home computer or a thin clientin an alternative work location.