in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption Software: 1/5 Of Breaches Occur By 3rd Party Recovery Services

According to a number of sites covering the issue, the Ponemon Institute has released a survey showing that 21% of information security breaches occur when corporate data is being held by a data recovery service provider.  This is one of those areas where disk encryption software cannot help because, well, one's voluntary allowed a third party to access the data.

I mean, how else is one supposed to recover data?

769 IT Practitioners Surveyed

Ponemon surveyed 769 CIOs and CISOs, and of the 87% who responded as having experienced a breach in the past couple of years, 21% said a breach occurred "when a drive was in the possession of a third-party data recovery service provider."

Disk encryption was created for those instances where a third party has your device: namely, when it's stolen (yeah, most people wouldn't quite call thieves a "third party."  But if fits the definition).  However, in this case, the third party is doing something on behalf of the data owner.  And, generally, a third party like a data recovery service provider requires access to the hard disk.

Otherwise, how's the service going to know if it's actually doings its job correctly or merely worsening the problem?

In such situations, the only solution is to use a data recovery service provider that's been vetted.  As inforworld.com points out, though, this is not always possible: what if an employee's computer breaks down while on the road?

Plus, even if a company is vetted, it doesn't necessarily mean that the employees will act faithfully according to the company's policies.  For example, I remember reading how the geeks at Geek Squad would copy content from computers that came in for servicing.  This certainly is not company policy.

Perhaps I'm jumping the gun here, though, as most companies are not particularly interested in security:

About 81 percent of the respondents said the speed of recovery was the most important factor in choosing a vendor and 75 percent said the ability to successfully recover data was the most important. Security-related concerns were not a priority for these respondents, according to the survey. [eweek.com]

Seeing how 18% of data breaches can be traced back to a data recovery vendor, perhaps the placement of data security in the vendor factor totem pole ought to be thought over.


Related Articles and Sites:
http://www.infoworld.com/t/security/companies-prove-careless-when-enlisting-data-recovery-services-183816
http://www.networkworld.com/news/2012/011112-data-recovery-254804.html

 
<Previous Next>

Data Encryption: Victorinox Offering $3000, 1 TB Flash Drive Later This Year

Drive Encryption: Data Lost In Transit Is Now #2 Reason For Data Breaches

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.