in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption Software: Avnet Servers Stolen, ICO Looking Into Breach

The UK's Information Commissioner's Office is looking into a data breach that occurred in December 2011.  According to channelregister.co.uk, Avnet Technology Solutions suffered a data breach on December 21 when "unknown parties broke into" their offices.  Could the use of data encryption software mollified the ICO?  Probably.  Was it an option?  Well...maybe.

Server Hard Disks Stolen

The Haslingden, Lancashire offices of Avnet were broken into on December 21, 2011.  Server hard disks -- and not the servers themselves -- were stolen.  These contained data on staff and customers related to the acquisition of Bell Micro.  While channelregister.co.uk originally reported that addresses, bank account numbers, sort codes, passport numbers, and national insurance numbers were stolen, it was later contacted by Avnet, and a correction was issued: passport and national insurance numbers were not part of the stolen data.

Avnet would not confirm how many people were affected by the breach, or how many hard disk drives were stolen.

The thing about servers is that, generally, people don't want to use disk encryption software on them because of its negative impact on system resources.  It depends from server to server, of course: if a server is accessed every five seconds, then encryption software would probably not impact it negatively.  However, if the server is running at 100% all the time, then that computer needs all the resources that can be spared and then some.

What kinds of servers were involved in the Avnet case?  We don't know.  We do know, however, that the breached data was probably not needed on a 24/7 basis.  Of course, what else was on these servers is unknown, so it's hard to decide whether encryption would have been a viable data security measure in this particular case.

Servers Stolen All the Time

Servers getting stolen -- in whole or otherwise -- is not a new phenomenon.  I've read of servers getting stolen; of their hard disks getting stolen; of data centers being broken into -- in one case, by putting an electric saw to the wall -- and everything inside getting stolen.  It's as if *gasp* thieves will steal just about anything.

Obviously, the occurrence of server thefts is rather low -- physical security may have its shortcomings, but let's face it, it generally works -- but this is not a reason for being lax about using encryption on servers.  Even if disk encryption is not an option due to performance issues, care should be taken to at least use file or folder encryption to protect any sensitive data.  Relying solely on physical security (locks, cages, guards, etc.) is not an option in this day and age.


Related Articles and Sites:
http://www.channelregister.co.uk/2012/01/20/avnet_tech_solutions_break_in/
http://www.channelregister.co.uk/2012/02/28/avnet_ico_data_breach/

 
<Previous Next>

Hard Disk Encryption: Victoria House Children's Centre Data Breach

Laptop Encryption Software: NASA Lost Unencrypted Laptop Computer In March 2011

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.