AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption Software: Used In ECMC Data Breach Affecting 3.3 Million People? Would It Matter?

The big news over the weekend was the theft of a "portable device" from ECMC, a non-profit company that guarantees federal student loans.  What's known so far is that there was a data breach involving 3.3 million people.  There are hints that data encryption like AlertBoot would have helped in this situation; however, the facts are not as forthcoming.

"Old-Fashioned Theft"

According to various media, a spokesman for ECMC (Educational Credit Management Corporation) has announced that the data breach of 3.3 million people included names, addresses, dates of birth, and Social Security numbers.  Other information, such as financial and bank account data, was not included.

The breach occurred when a "portable media device" was stolen from the company's headquarters in Oakdale, MN, and has been described as an "old-fashioned theft...not a hacker incident."

What this seems to imply is that the company experienced a regular burglary.  And, my guess is that the information was in digital format.  Why such a conclusion?  First, there's the term "portable media device."  Second, there's the clarification of hacking vs. "traditional" theft; there would be no need to make such a clarification if a bunch of documents were stolen.

I only point this out because I've read commentary that a binder is also a "portable media device," and could be what was stolen.  My response?  Hardly possible.  Chances are, each name covers one line, at least.  With 3.3 million names, printed on letter-sized pages with 10-point font and single-spaced, a printout would run well over 50,000 pages.  The full set of the Encyclopedia Britannica runs 32,640 pages, per amazon.com's product details.  'Nuff said.

Plus, there are media sources that are claiming that discs were stolen.  Another claims it was a "removable media device"; regardless, according to darkreading.com, the information was not supposed to have been copied and stored in such a way and was a "very clear violation of our company policies and protocols."

Would Company-Wide Encryption Have Helped?

No, I don't think so.  Yes, blasphemous words for a disk encryption software company's blog.  However, we must face up to the fact that, in this case, what we have is an "insider" situation.

Even if the company decided to have all of their information encrypted (and who's to say it hasn't and wasn't?), if an employee decides to bring their own portable device--say, a USB thumbdrive or a portable hard disk--and copy data to it...

Well, I guess file encryption could have helped, as could USB port control applications, which prevent unauthorized external devices from connecting to PCs (both are available with AlertBoot); however, disk encryption wouldn't.  The moment information is copied off of an encrypted device, that information is not secure anymore.

Of course, this is not to say that ECMC would find disk encryption to be worthless or unnecessary.  Rather, I'm just pointing out that data security consists of many different approaches.


Related Articles and Sites:
http://www.washingtonpost.com/wp-dyn/content/article/2010/03/26/AR2010032605475.html
http://blogs.computerworld.com/15836/second_guessing_the_data_theft_at_ecmc

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.