in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Backup Tape Data: Encryption Was Used, Information to Decrypt Also On Tape

Update (Dec 4, 2008): According to the site www.pogowasright.org,  C-W Agencies was able to recover the stolen tape and forensic experts are examining it to see whether their data was accessed or not.

According to the Vancouver Sun, C-W Agencies in Canada is claiming to be a victim of a data breach.  The alleged perpetrator is the former vice-president of IT of the company, and the accusation is that he stole a backup tape with information on 3.2 million customers.  The good news?  Data encryption was used to protect the client data.  The bad news?  According to C-W Agencies, the information necessary to decrypt it is also stored on the tape.

The potential worth of the customer information, which includes credit card and bank account information of more than 800,000 customers,  has been pegged at $10 million (Canadian, I assume…an observation that would have meant something a year ago), or about $12.50 per name.  Shocking how worthless your personal information is on the market, black or otherwise, when you consider the damages that can be effected.

How Can Encryption Help In Such Scenarios?

Sorry to say, it cannot, because of the specifics of the situation.  It’d be like asking how can you prevent the Brinks guy from driving away in his armored truck when he suddenly decides to steal the money instead of making his rounds.  You just can’t.

When a guy knows the passwords to decrypt protected data decides to go “rogue,” the security game is over.  This is why encryption is never, and cannot be, considered the be all, end all for all of your data security woes.  Encryption merely plays a part, but admittedly an important part, in a more holistic information security approach that involves inventorying, encryption, audits, firewalls, physical locks, and employee education (and their interest in security), among other factors.

For example, consider the above story: The former IT guy was not exactly trusted; he was supposedly a problem employee.  But, due to his status as VP of IT, he had access to sensitive information.  By all accounts, his theft would have been the perfect crime, except for one thing: the network administrator reported his suspicions of hanky-panky to the chief executive.  The potential, negative ramifications of the data breach were foiled by the least sophisticated method possible: telling on someone.

Keep Your Passwords Safe

The importance of keeping passwords safe can be gleaned from the above story.  Rogue agents, the theory goes, are unstoppable because we already trust them.  But, I would say that trust is not the main reason.  The main reason that rogues cannot be stopped is because they already have access. It just goes to show the importance of keeping passwords safe -- an organization shouldn’t accept nor allow passwords to be shared or posted.

Related Articles:
http://www.canada.com/vancouversun/news/westcoastnews/story.html?id=055fa12a-2bca-4804-9bef-a44eee60de5f
http://www.pogowasright.org/article.php?story=20081204140710834

 
<Previous Next>

Military USB Memory Stick Ban: Lack Of Disk Encryption Is Not The Only Issue

Stop Data Theft: Choice Of Superglue Or Port Blocking Software?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.