AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Connecticut Data Encryption: Senator To Propose Required Encryption For Insurance Companies

It looks like Connecticut could be following in the footsteps of New Jersey: according to stamford.dailyvoice.com, state senators are considering proposing legislation that would require insurance companies to encrypt any sensitive personal data. If the proposal passes, Connecticut would become the second state I know of that makes it mandatory for insurance companies to use data encryption. New Jersey recently approved a bill that did the same for insurance companies in the Garden State, going as far as requiring the encryption of data on desktop computers.

Anthem Breach Aftermath

One of the largest data breaches to hit the US was made public in January: a breach of Anthem's database affected approximately 80 million members. Over 1 million of them were residents of Connecticut, and enough of them contacted the state to merit considering legislation specific to the insurance sector.

Anthem's data breach has been such a topic over the past month that I'm surprised the issue hasn't been broached sooner. With the exception of a handful of laws, current federal and state statutes are seriously lacking when it comes to data security. Most recommend the use of encryption, with dire consequences in the event of a data mishap. However, a recommendation does not carry the same sense of urgency as a compulsory obligation. No surprise, then, that many organizations treat the recommendation as optional. Of course, they're not actually supposed to approach it in that manner, but why wouldn't they? They're not obligated to do anything and there's so much to do (or so the real-world reasoning goes).

Encryption not a Silver Bullet

Of course, encryption is not a cure-all for all data ills.  As knowledgeable people have pointed out after the Anthem data breach, there is very little that the insurer could have done to protect their data because the company's database is in use all the time.

For example, technologies like disk encryption only protect information when a device is in "off" mode, be it a laptop, a portable hard drive, or a data server.  The analogy of a safe is not out of place if one thinks of encryption as the vault and the money as sensitive data: as long as the money is being used, it can't be in the vault and hence it remains unprotected.  Put the money in the vault and it's protected…but it can't be used.  Likewise, when data is being used, it cannot be protected.

The Connecticut senators appear to be aware of this shortfall:

"That is why we are introducing this necessary, commonsense legislation to encrypt personal information. If we cannot prevent hackers from getting in, we can at least thwart their efforts by limiting what information they get and rendering it useless."

It's becoming clearer and clearer that this is the kind of thinking we need. The method of passing indirect, passive-aggressive legislation has run its course and sadly proven that it doesn't work.

Related Articles and Sites:
http://stamford.dailyvoice.com/politics/sens-leone-duff-propose-encrypting-personal-data

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.