Friday, August 29, 2008

XML and Data Loss Prevention

I've written before on controlling what is output from Web Services. XML Gateways are ideally placed to ensure that the responses coming back to clients are of the right size and format, and that sensitive data is not being leaked back down to the client.

These measures would have helped in the many high-profile data loss cases in the UK, such as the loss of all prisoner data this week. If the access to the prisoner data was provided via a managed and controlled Web Service, then the pulling down of the entire prisoner dataset would have been blocked. Additionally, personal information could have been selectively encrypted prior to being passed back to the requester. An XML Gateway allows you to configure a rule that says "if you see a fragment of information that looks like a personal record, encrypt it or strip it out".
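The two controls described above, a cap on how much of the dataset one response may carry and a rule that strips or masks fragments that look like personal records, as an added illustration in Python that is not part of the original post or any gateway product. The XML response, the `record`/`dob`/`nino` field names, the record limit and the National Insurance-style number pattern are all constructed for the example; masking stands in for the field-level encryption a real gateway would apply.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample Web Service response (not from any real system):
# a prisoner-records-style reply carrying personal fields.
SAMPLE_RESPONSE = """<response>
  <record><name>A. Person</name><dob>1970-01-01</dob><nino>AB123456C</nino></record>
  <record><name>B. Person</name><dob>1980-02-02</dob><nino>CD654321E</nino></record>
  <record><name>C. Person</name><dob>1990-03-03</dob><nino>EF111111A</nino></record>
</response>"""

MAX_RECORDS = 2                      # policy: no client may pull the whole dataset at once
SENSITIVE_FIELDS = {"dob", "nino"}   # element names treated as personal information
# Hypothetical content pattern (two letters, six digits, one letter) so that a
# personal identifier is caught even when it appears under an unexpected tag.
NINO_RE = re.compile(r"^[A-Z]{2}\d{6}[A-D]$")


class PolicyViolation(Exception):
    """Raised when a response breaks the output policy and must not reach the client."""


def looks_personal(elem):
    """Flag an element by name, or by content that matches the identifier pattern."""
    text = (elem.text or "").strip()
    return elem.tag in SENSITIVE_FIELDS or bool(NINO_RE.match(text))


def apply_output_policy(xml_text, max_records=MAX_RECORDS, mode="strip"):
    """Return (filtered XML, number of fields redacted); raise on an oversized response.

    mode="strip" removes the offending element; mode="mask" keeps the element but
    replaces all except the last two characters of its value.
    """
    root = ET.fromstring(xml_text)
    records = root.findall(".//record")
    if len(records) > max_records:
        raise PolicyViolation(f"response carries {len(records)} records, limit is {max_records}")
    redacted = 0
    for record in records:
        for child in list(record):          # copy: we may remove children while iterating
            if not looks_personal(child):
                continue
            if mode == "strip":
                record.remove(child)
            else:
                value = child.text or ""
                child.text = "*" * max(len(value) - 2, 0) + value[-2:]
            redacted += 1
    return ET.tostring(root, encoding="unicode"), redacted
```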

As it stands, presumably the information is obtainable via a SQL query to a database, and access to it is a matter of topology, not policy (i.e. if you are on the right network, you get access to the data). It should be a matter of policy, not topology: even if you get onto the most sensitive parts of the government network, your access to the information is still controlled by policy.

I remember talking to an architect from another part of the UK government who said that they did not need data-level security because "the network is secure" (the old security paradigm of the "hard crunchy shell and the soft chewy center"). But that UK government department has since also suffered its own well-publicized incidents of data loss. Data-level security would have been a safeguard against this.

1 comment:

Danny Lieberman said...

What an unfortunate event.
However - there is no silver bullet.

In my experience there are 3 vulnerabilities for data loss:

1. IT operations (misconfiguration, buggy apps, sloppy maintenance)

2. Trusted insiders - who use public web services - like cc'ing files to their Gmail accounts so they can work at home

3. Malicious outsiders - who attack Web services in order to get at the data back end.

For all 3 vulnerabilities - I would recommend internal transaction monitoring on the network.
Danny Lieberman