AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

Systemic Failure To Blame In HMRC Data Breach: Why Hard Drive Encryption Wouldn’t Have Worked

Auditors have today released their reports on the HMRC data fiasco from last year. At the time, a junior employee was blamed for the loss of sensitive data affecting 25 million UK citizens. The audit reports place the blame squarely on…nobody. Many outlets are covering this news, but the UK ZDNet seems to sum things up nicely. And when one reads the conclusions, one has to wonder whether disk encryption solutions like AlertBoot would have helped in this case. Not because encryption is not secure enough, but because the work environment is one where people are not aware of what they’re doing.

According to the report, the National Audit Office (NAO) had asked for the information multiple times, and the HMRC responded—badly, every single time. By badly, I mean that their data security practices were nonexistent. For example, when the NAO asked for data, it also requested that personal data—including names, addresses, and bank account details—be stripped. HMRC ignored the request in order to save money.

What could the HMRC have been thinking? I’ve been associated with government bureaucracies in some way or another my entire life, so I’m assuming, based on my experience, that it went something like this: “Well…that’s going to cost my department money, and we’re on a tight budget. So, we’ll ignore the request, send the data, and they can deal with deleting the data, using money from their budget.”

Then there are the unencrypted disks. Supposedly, government regulations required data to be encrypted. The disks were not. What’s not mentioned anywhere (and I won’t read the actual audit reports…they’re like 100 pages each) is whether staff members had access to encryption software. Using data encryption may be a no‑brainer, but if the tools are not there... Plus, nobody took any interest in tracking the sensitive information or ensuring it arrived at the correct destination.

In that kind of work environment, ensuring data security is very hard. Granted, if we were talking about securing the data on laptops, solutions like full disk encryption could have afforded some peace of mind. Encrypt your laptops once, and they’re encrypted for life. If someone decides to send one via internal mail and it gets lost—well, the data on that laptop is still secure.

However, encryption does not guarantee data safety when people are unaware of good security practices. For example, how many people do you know who have a Post-it stuck to a monitor, a Post-it with the username and password for accessing…pretty much anything?

As the auditors correctly pointed out, the blame cannot fall on one person if everyone has had a hand in creating such an environment.

Related Articles and Sites:

http://news.zdnet.co.uk/security/0,1000000189,39439032,00.htm

 
About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.