'Buy a big enough botnet and you can crack almost any level of encryption' says BT

'Encryption no longer be all and end all' says head of information assurance Jelleyman

With a big enough botnet and a decent equipment budget, almost any existing level of IT security can be cracked.

That's according to BT's head of information assurance, Ashley Jelleyman, speaking at Computing's Enterprise Security and Risk Management 2014 Summit today.

Jelleyman made the comment while taking part in a panel discussion on managing data governance for risk and compliance.

"Even the Information Commissioner is not necessarily seeing encryption as the be all and end all of securing personal data," said Jelleyman.

"If you put enough money and equipment at it, or you buy a big enough botnet, you can crack almost any level of encryption, it has to be said."

Meanwhile, Balfour Beatty head of information security Nick Truman admitted that architectural model makers will often pass privileged data "on to JCB drivers".

"They really don't care about the value of the data. If they can put it on Dropbox, they will do."

Joan Miller, ICT director of UK Parliament, admitted her department has little interest or control over what parliamentary employees do with faxes, saying that "not leaking press releases before they're due to go to the press" is the biggest concern in this regard.

Generally, however, Miller said ICT "don't really get involved, because [employees] are their own data owners. We don't get involved with what they use their faxes for".