AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption Software Not Used On Stolen Tulsa CTP Server

The Commission for Teacher Preparation (CTP) in Oklahoma has notified past test takers that they may be victims of a data breach, although there are indications that they should be safe.  Of course, if data protection software like drive encryption from AlertBoot had been used, there would be no need for "indicators": CTP would just know that test takers are safe.

Recovered Server Stolen in 2007

As far as I can tell, the commotion was started by a recovered server.  Oklahoma police recovered two computers as part of an investigation, and one of them happened to be the CTP server.  The commission hadn't noticed the server was missing because it was being stored off-site, as a backup to a new server they had received in 2007.

The server contained the names and SSNs of candidates who had taken tests for certification and licensure between 1999 and 2007, inclusive.

Server Not Accessed

According to an analysis of the server, the computer was not accessed since the day it was retired (and put into storage).  This does not necessarily mean that the information on the server couldn't have been accessed: it's notoriously difficult to be certain that a drive was not accessed since dates on files and logs can be manipulated or deleted.

However, my guess is that it's highly probable that the conclusion by the commission is correct.  I mean, people don't try to hide what they did on a stolen computer.  The assumption by most thieves would be that the computer will not be returned to the victim.  Hence, no need to hide their activities.

Luck is Not A Data Security Measure

The CTP has been extremely lucky.  Their server was stolen; for over two years, they had no idea that it was stolen, so they couldn't contact possibly-affected victims; and it looks like the data was not compromised (again, highly improbable...but not impossible).  I mean, anything could have happened...and it did not.

Well, at least so far it hasn't.  It could be that once the test-takers are contacted, a pattern of affected people starts to pop up.

Using Encryption To Secure Data

Apparently, the CTP has also woken up to the fact that they've gotten lucky this time.  According to a spokesperson, the data is being encrypted to protect it from future, potential breaches.

Why does it matter that data security measures, like hard disk encryption or file encryption, are used?

Encryption is not a panacea when it comes to data security, but it's one of the fundamental tools when it comes to securing information.  More often than not, it's the last security weapon available when all other forms of protection fail.  That's because encryption will still be in place even if a computer or portable disk is stolen (the fact that it was stolen means that other security measures such as guards, doors, and cable locks were defeated).

The trick, though, is to have encryption in place before the device gets stolen.

Related Articles and Sites:
http://www.tulsaworld.com/news/article.aspx?subjectid=298&articleid=20090623_298_0_OKLAHO402850
http://www.newsok.com/data-danger-not-foreseen-for-oklahoma-teachers/article/3380245
http://www.ktul.com/news/stories/0609/634644.html

 
About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.