It was a nightmare scenario: A Finnish hospital accidently sold an old computer containing the records of more than 3,000 patients. But that mistake in 1997 led two Finns – Janne Tervo and Kim Väisänen – to realise that people and companies needed a way to secure their data.
They and other Finnish researchers, educators and businesspeople continue to develop novel solutions for today’s data-security issues.
Tervo and Väisänen founded a company called Blancco. Headquartered in the eastern Finnish city of Joensuu, close to the Russian border, the company now has 15 offices around the world. Its speciality is data erasure, so individuals and companies can securely clean information from computers and mobile devices. Its customers include the European Commission, NATO and numerous financial institutions.
Memory is long
“The majority of companies ignore the importance of data erasure,” laments Väisänen, who serves as CEO. “It would be fair to claim that when it comes to data erasure, ignorance is bliss. We in Blancco are like missionaries for educating the importance of data destruction.”
The simple fact is that most people don’t realise how data is stored and erased. Even if you think it has been erased, it might be recoverable.
“Everything you have saved to your device will be there for eternity unless the necessary steps are taken,” Väisänen explains. “With modern technology, it would be fair to claim that its memory is long and unforgiving.”
As technology changes and we store data differently – such as on mobile devices or in the cloud – Blancco has had to adapt nimbly to the changing environment. They now offer Blancco Mobile, which cleans smartphones. The company has also come up with innovative solutions to tough problems, such as the selective erasure of data.
“For example, credit card numbers are erased from databases after charging,” says Väisänen. “This is done to increase security against illegal use and to prevent greater damages if the credit card handler is hacked.”
Väisänen praises many governments for understanding the importance of data security and imposing fines for breaches. Yet while this is a “top-down” approach, there is also a “bottom-up” way to increase security: through educational institutions.
Hard and soft security
Samuli Pekkola of Tampere University of Technology in southern central Finland says that students are very keen to learn these things, but they may not necessarily realise how their data can be tracked or lost.
“Internet searches for patent information can reveal the topic someone is working on, so the database owner may easily reconstruct and guess the topic, and even some technical details,” Pekkola says. “There is a danger a service can be shut down at any moment, or that network traffic can be monitored all along the route from the end terminal – be it a PC, tablet or mobile phone – to the server.”
Finnish institutions study the data-security and privacy issues from two different approaches, Pekkola says.
“We have quite a strong background on ‘hard’ technical issues. [Finnish] companies like F-Secure, Stonesoft and SSH have been great examples of commercialising their findings. But we also have a lot of research on management, education and the ‘soft’ issues of data security.”
Tampere University of Technology continues the strong Finnish tradition of close partnerships between companies and universities to study both styles.
“Our students conduct information security reviews for companies,” he says. “This is beneficial to all parties: The students learn the topic, the companies gain reviews and instructions on how to solve problems, and our researchers gain the data about the state of the art of information security management.
“There are an awful lot of examples of someone’s personal information being misused – unauthorised purchasing, identity theft, blackmail and financial crimes. We try to teach students to understand the topic thoroughly, not just from the technical angle.”
By David J. Cord, February 2014