Today we’ve released a cornerstone of the NCSC’s security architecture practice – our pattern for safely importing data. This pattern is one we’ve been recommending in our consultancy work for many years, but it’s being published on the web for the first time today. We hope you find it useful.

The pattern incorporates some of the techniques we describe in our security architecture design principles. In particular, we rely on the concepts of transformation and validation, ordering them into a gateway designed to let you bring data into your systems without inadvertently importing malicious code.

The pattern is generic, so should be tailored to fit your particular scenario. In lower risk situations, you might want to leave out some of the controls, such as the transformation engine, but if you’re facing higher risks you might want to use them all and seek particular assurance in the validation engine.

One top tip I’d like to share from my experience of using the pattern is to remind users to ask for the data they need, rather than the document it’s wrapped in. I’ve often heard requirements for regular PDF transfers, when what is actually needed is some text, or numbers contained within a PDF. The data might arrive in a PDF, but that’s not necessarily what’s required to pass through your gateway.

Please let us know if the pattern proves useful to you. We have a couple more in our pipeline to publish too. The next will focus on safely exporting data, which the eager amongst you should note is not simply the reverse of the import pattern!

Richard C

Chief Architect, NCSC

Source: National Cyber Security Centre

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!