Skipton acts on ICO warning

Skipton Building Society has announced a successful deployment of new database security technology for a new mortgage broker application.

The information security of the UK's sixth largest building society came under scrutiny in February this year when the Information Commissioner's Office (ICO) warned it to raise IT security levels after losing an encrypted laptop containing the personal details of 14,000 customers.

At the time, it signed a legal agreement to ensure the security of the personal data it holds in the future, including its encryption and the ability for the ICO to carry out risk assessments.

Now it has taken steps to protect its customer-facing mortgage broker SQL application that contains confidential customer data. Colin McMahon, Skipton technical services infrastructure manager, said it recognised the need for extra security.

"Whilst we have databases based on proprietary technology, the new application used an SQL back-end, which made it far more vulnerable to attack," said McMahon.

"A successful SQL injection attack could have allowed a hacker to make any number of illegitimate requests to the database. We therefore urgently needed a security solution that understood the true intent of all database access requests and one that could identify and block any illegitimate ones."

Skipton, which is also the parent company to 19 subsidiary financial services companies, chose to deploy the Secerno DataWall database activity monitoring and security suite.

It is enabling the company to set and update access rules and policies around the application more easily, continually monitor traffic and analyse the data from activity reports.

"Secerno's technology now adds to the protective perimeter around the database itself, so we are confident that our application data is well protected. We owe this to our customers."

The society now plans to develop a number of new internal business applications that make greater use of SQL databases.

McMahon added that the new system has proved very effective at highlighting security bugs and flaws in the new application. "By flagging these vulnerabilities, it has helped our developers write tighter code and build more secure applications from the outset, which is far more time and cost effective than remedying problems after an application has gone live," he said.

"It's very reassuring to know that we have done everything possible to mitigate the risk of a data security breach, protecting our own reputation and that of our customers."

Miya Knights
