AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

Data Encryption: Could Kindle Be At The Heart Of A Data Breach?

I was perusing some of the smaller breach stories today, when I happened on a story that shows how a company could have a data breach with a digital device that cannot make use of hard disk encryption software.

The actual story involved a Kindle, but any of the current generation of e-ink readers will do.

Auditor's Kindle Stolen

The story that I read involved a college student who bought a stolen Kindle on Craigslist.  He realized that the Kindle he had purchased was hot--as in stolen.  I'm guessing that he was able to connect to the original owner's Amazon account, and got clued in that way.

The Kindle was stolen along with a Cadillac, a pair of necklaces, and a state laptop computer that was password protected (this latter device could definitely have made use of encryption software, assuming it had sensitive information on it).

What If...?

Now, it looks like a data breach didn't occur, but it left me wondering, "what if the auditor--anyone, really, when you think about it--had saved sensitive data to the Kindle?"

It might be something of a stretch of the imagination, seeing how saving anything other than books downloaded from Amazon is a cumbersome process: depending on the model, you've got to e-mail documents to the Kindle and whatnot.  (And, it's got that screen-flickering thing which definitely doesn't rock my boat...but that's neither here nor there.)

But, when you consider how you can read documents on the Kindle, and it's so much lighter than your traditional laptop--not even the Mac AIR compares...well, I'd say it's a matter of time before the Kindle, or any other e-reader, becomes the focus of a data breach: For example, you transfer a workplace PDF to the Kindle, and it gets stolen...along with that PDF that has an appendix full of SSNs for county constituents.  Personally, I don't find this to be implausible.

Device Security Not Important Yet

Unlike USB flash drives, external hard disks, and computers, one cannot use encryption to protect the contents of an e-reader.  For one, it's not supported on the current generation of e-readers.  Well, aside from the DRM on electronic books, of course.

(Off-thread: I'll bet that if anyone does do it, it'll probably be the guys over at iRex.  Have you taken a look at their newest reader, the DR800SG? Sexy.  And, they've always been above the competition when it comes to e-reader hardware.)

I guess, technically, if a reader makes use of built-in external storage (that's an oxymoron, right?), such as SD cards, one could encrypt a file; save it to the SD card; and stick it into the e-reader.  This way, the file is protected and the form factor has increased a bit to prevent a breach from occurring while you're pulling out a smoke.

On the other hand, you're dealing with file encryption--where a user makes the decision to encrypt the file.  That usually results in higher information security breach rates, whereas something like device encryption doesn't require an action on the user's part: the file is encrypted the moment you save it to the device. 

As a pessimist, I'll bet that this issue with e-books comes to the forefront sooner rather than later.

Related Articles and Sites:
http://www.upi.com/Top_News/2009/09/29/Student-finds-auditors-stolen-Kindle/UPI-39121254241695/

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.