in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Royal Air Force Staff Information Stolen In Theft From High Security Area. Hard Drive Encryption Not Used

Personal details of 50,000 current and ex RAF personnel was lost on September 17.  From a high-security area.  The sensitive information was stored on three external hard drives that were not protected with hard drive encryption software like AlertBoot.  This case is something of a calamity, since it’s more than a lost or stolen disk.  Unlike the incidents over the past year, this isn’t a case where an officer used poor judgment and took sensitive information to McDonald’s, to a pub, or to a club.  Someone managed to steal it from what I’m led to believe is a secure space.

 

Food for thought, no?  While blogging about security breaches over the past year, I’ve come across way too many instances where web surfers would decry the fact that stolen data was placed in laptops, USB memory sticks, external hard drives, etc. – anything that seemed portable.  They claimed that sensitive data should (and if it were up to them, would only) be stored in data centers, where the appropriate physical security would be in place: cages, automatic and electric locks, armed guards, walls with no windows, steel doors, the works.  I never could wrap my head around that.  Not because I don’t think that securing data is important, but because people assume that stuff in data centers is not portable.

 

Technically, anything that was not present in the construction of a data center is portable.  I mean, those blade servers didn’t come pre-installed with the data center; they can be taken out the way they came in.  I know this because I’ve done that.

 

And, sure, they’re bigger than a USB drive.  So what?  If someone took the time and spent the energy to break in successfully into a secure location, they’ll find a way to get at what they’re looking for.  A data center is more secure than the locked trunk of a car; however, “more secure” doesn’t mean “better security” anymore than “more chefs working on your broth” means “better soup.”

 

Use encryption to protect your data.  It’s about the only thing out there was invented to protection information.  Let me repeat that.  It was invented to protect information.  And it does its intended job very well.  Just ask the NSA.  Or the CIA.  Or their equivalent in other countries.

 

If you use disk encryption, for example, as the RAF should have done with the three missing disks, it doesn’t matter whether the disks were left in a locked cupboard (as they actually were) in an Air Force base; an unlocked cupboard in your granny’s pantry; a locked glove compartment in a car; or in a data center.  Why?  Because the information is protected regardless.

 

And isn’t that the point of protecting information?  As opposed to making a show of protecting information?

 

Related Articles:

http://news.bbc.co.uk/2/hi/uk_news/england/gloucestershire/7639006.stm

http://www.theregister.co.uk/2008/09/29/raf_usb_drives_stolen/

http://www.telegraph.co.uk/news/newstopics/politics/defence/3089374/Thousands-of-personal-files-stolen-from-RAF-base.html

http://www.timesonline.co.uk/tol/news/politics/article4834471.ece

 
<Previous Next>

Data Encryption Used In Lost Data Disk Containing Information on 11,500 UK Teachers

Nikon Coolpix and Data Breach: Tied For Life Thanks To Google And MI6 Data Breach

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.