Protecting Digital Infrastructure Without Going Broke

Uploaded on 2025-03-13 in TECHNOLOGY--Resilience, GOVERNMENT-National, FREE TO VIEW

With the head of GCHQ using his first major speech at the NCSC’s Eighth Annual Review to emphasise the need for sustained vigilance in an increasingly aggressive online world, the scale of the challenge facing the nation’s security and defence industry has been laid bare.

Describing the cyber risks facing the nation as ‘widely underestimated’ and warning that Britain and its allies are competing in a high-stakes contest for cyberspace, Richard Horne focussed on what he called ‘a widening gap’ between the country’s exposure to threats and the defences that are in place to protect us. 

So what are the risks facing our nation and what can be done to guard the UK’s growing dependency on technology against adversaries who seek to use it against us or exploit it for criminal gain?

Barely a week goes by without headlines about cyber incidents impacting the country’s public infrastructure. One increasingly popular target seems to be the NHS, whose sprawling and sometimes outdated IT systems makes it particularly vulnerable to attack. While sensitive patient, employee and commercial data held on its systems could be of interest to bad actors, the sheer disruption these attacks cause - from cancelled surgical procedures and outpatient appointments to the inability to access patient records - means pressure ramps up quickly to get systems back online, making it a particularly attractive target for ransomware attacks. 

It is a problem that has grown to such an extent that the Government recently announced plans to ban all UK public bodies - including the NHS - from making ransomware payments, as part of wider efforts to stem this increasingly important revenue stream for criminal gangs and pariah states. 

Elsewhere, of more than 430 incidents handled by the National Centre for Cyber Security’s incident management team last year, 347 involved some level of data exfiltration, highlighting the growing value of sensitive data to bad actors around the world.

So, with cost pressures growing across Government departments, what can the nation do to rise to the challenge and better protect our sensitive data, critical infrastructure and national security?

Current methods for data storage and management in both defence and wider commercial sectors are essentially the same: Data is typically stored in a contiguous format, then ‘protected’ by encryption to ‘keep it safe’. The physical infrastructure of servers, data centres and even cloud computing that supports this arrangement are centralised and static while, in a defence context, hierarchical systems of data protection and classifications drive additional hardware and software requirements.

Each layer adds complexity and costs to the process, while increasing risk by expanding the available attack surfaces. It is an approach that creates four key issues:

  • Firstly, it concentrates risk in data centres, which are now included in critical national infrastructure, and carrier networks that can become prime targets at times of international confrontation or conflict. This risk escalates proportionally the greater the volume of data that is stored, so will only become a bigger and more-costly to manage as time goes by.
  • Secondly, the imminent arrival of quantum computing means many existing encryption techniques will become easy to break, leaving vast swathes of sensitive data vulnerable.
  • Thirdly, as ‘hub-and-spoke’ approach to systems architecture, it creates bottle necks that impede the effective flow of data between those authorised to do so. The UK’s defence forces are increasingly integrated but current approaches are highly-reliant on information flowing between departments, which needs to be managed quickly and securely.
  • Finally, at a time when pressures on public budgets are at an all-time high, existing infrastructure set ups drive significant cost. Expenses associated with maintaining data centres, virtual private networks (which themselves have become part of the attack surface), encryption licenses and so on are expected to rise to represent some 10-20% of MOD IT spending over the short-to-medium term - an expensive state of affairs.

In short, our current, centralised data storage and encryption methods represent a national risk when placed in the context of growing complexity and volumes of data that need to be secure, accessible and exploitable. 

There has to be a better way. And there is… data disaggregation. 

This approach breaks down data into smaller fragments that are then stored across multiple platforms, rather than being held in one place on centralised servers and physical storage systems. It is a paradigm shift that could not only improve the security of our critical systems but also allow public bodies to unlock commercial cloud infrastructure for national projects; delivering significant budget savings compared to existing infrastructure, which could then be redirected into other priorities.

The benefits of this approach are many:  Crucially, it becomes virtually impossible for attackers to reconstruct sensitive data should even a partial breach of this desegregated system occur; The technology is future proofed against both quantum computing and the power of AI attack tools that can break traditional encryption techniques; Data can move more freely between parties with appropriate access permissions, improving decision making and data flow - this offers a valuable, UK-developed solution that could be implemented more widely with NATO and Five Eyes allies, to name just one example. Finally, it also offers significant cost reductions that will only snowball as the scale of data storage grows.

Prizsm Technologies’ patent-pending platform has already been tested by the MOD and was the first innovation technology to pass the MOD’s Bug Bounty programme. By breaking down data into atomic bit-level fragments (rather than shards/fragments) that are stored non-sequentially across multiple cloud platforms, it significantly enhances security - even against quantum attacks.

It is even expected to offer savings of greater than 50% versus traditional, centralised data storage, over time. 

We live in an information age, with a Government committed to digital transformation across a range of critical services. Adopting data disaggregation for the country’s data storage needs would not only future proof critical data infrastructure, but would also entrench the UK’s position as a global pacesetter when it comes to developing effective defences.

A modern, data-driven age requires modern, data-storage infrastructures that protect the interests of our citizens, nations and allies - infrastructure that can be set-up alongside existing systems to smooth the transition period but which can also adapt quickly to fast-evolving use cases and digital threats.

That technology already exists. Now is the time to use it.  

Adrian Fern is Chief Technology Officer at Prizsm Tehnolgies

Image: Alex Shuper

You Might Also Read: 

Securing National Communications Infrastructure

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Israel’s Emergency Medical Service Attacked
Continuous Cybersecurity Learning Is Business-Critical »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ContentKeeper

ContentKeeper

ContentKeeper provides Web Threat Protection solutions to secure today’s Web 2.0 and mobile centric business environments.

Guy Carpenter

Guy Carpenter

Guy Carpenter delivers a powerful combination of broking expertise, strategic advisory services, and industry-leading analytics.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

IPN (ICT Research Platform Nederlands)

IPN (ICT Research Platform Nederlands)

IPN promotes academic research and education in the ICT field by building and maintaining a national community, and by developing policy to advance the field. Areas of focus include Cyber Security.

ISMS.online

ISMS.online

ISMS.online is a cloud software solution for fast & cost-effective implementation of an information security management system and achieve compliance with ISO 27001 and other standards.

Optimum Speciality Risks

Optimum Speciality Risks

Optimum Speciality Risks are an experienced team of cyber insurance experts, backed by Lloyds of London.

Quantinuum

Quantinuum

Quantinuum is the combination of Cambridge Quantum with Honeywell Quantum Solutions, structured to drive the future of quantum computing.

UTMStack

UTMStack

UTMStack is a Unified Security Management system that includes SIEM, Vulnerability Management, Network and Host IDS/IPS, Asset Discovery, Endpoint Protection and Incident Response.

Trisul Network Analytics

Trisul Network Analytics

Trisul helps organizations deploy full spectrum deep network monitoring which can serve as a single source of truth for performance monitoring, security analytics, threat detection and compliance.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

watchTowr

watchTowr

Continuous Attack Surface Testing, with the watchTowr Platform. The future of Attack Surface Management.

People Driven Technology

People Driven Technology

People Driven Technology is a customer-obsessed organization. We leverage our decades of business, technology, and engineering experience to deliver outcomes for our clients.

Obscure Technologies

Obscure Technologies

Obscure Technologies is a firm of experts, specialised in brokering the best security solutions to market.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.

Convergence Networks

Convergence Networks

Convergence Networks is one of North America's leading Managed Services & Security Providers.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.