in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption Software Is Trumped By Private Couriers? Is That What I'm Supposed To Conclude?

I ran across a weird requirement by the CDPH, the California Department of Public Health, today.  According to an article, the CDPH "requires the state to use a private courier instead of the U.S. Postal Service for" transporting sensitive material.  I don't understand.  If they want to protect sensitive material, wouldn't it be better to use drive encryption or some other form of cryptographic technology, such as those provided by AlertBoot and others?

It's Protocol

I was reading an entry over at the HIPAA Blog where the author linked to an article and observed:

Sometimes the Regulators Screw Up, Too: The California Department of Public Health used the mail when they should've used a private courier, and lost some data. I wonder how much they're going to fine themselves.

Now this didn't make sense to me because:

  1. I'm under the impression that regulators screw up all the time, not just sometimes.  Well, OK; nearly all the time.
  2. No regulator is going to fine itself - nothing to wonder there.
  3. What does a private courier have to do anything?

Obviously, the first two are tongue-in-cheek (although less so for #2).

I clicked on the link, and presto, it leads me to a story I had commented on -- the loss of a medical data tape by the CDPH.

The story by healthleadersmedia.com has some additional details that I didn't know at the time I wrote up the post, but the most shocking piece of information I obtained was the CDPH protocol I quoted at the beginning of this post.

Why the requirement to use a private courier, such as UPS or FedEx?  I mean, the point of their service is not better rates of successful deliveries.  The point of using private couriers is to get stuff to the destination, faster (and at a hefty premium, I should add).

Why is it Protocol?  Better Security?

Here are some of the stories I've covered over the years where a private courier lost stuff (and was the reason for a data breach):

I'm pretty sure there are others, but I couldn't find them with the limited time I have.  And, remember, I generally cover instances where digital data is lost.  Instances where regular mail or packages are lost are not covered at this blog.  But Google does a great job of searching them up.

As the above evidences, "private courier" is not tantamount to "security" -- whatever that might mean under the circumstances.  How a department that is tasked with overseeing data security manages to drum up this particular protocol is beyond me.

If you want security for your digital data, and it's being handed over to a proxy until it arrives at another secure location, there is no other method of guaranteeing security to using encryption software.  With a private courier service, you're just kidding yourself (at a premium rate, I might add).


Related Articles and Sites:
http://hipaablog.blogspot.com/2010/12/sometimes-regulators-screw-up-too.html
http://www.healthleadersmedia.com/content/TEC-260264/CDPH-Reports-Big-Data-Security-Breach##

 
<Previous Next>

USB Drive Encryption: Korean Military Loses USB With Military Exercise Plans

Drive Encryption Software: Armstrong Atlantic State University Loses Storage Device, Has Data Breach

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.