in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Full Disk Encryption Missing In Stolen Colt Laptop Hits Home: Netegrity

“Sd@sd!#dfs@wefe%@@##!” is what the dark lord would have said, if he weren’t so civilized.  No, instead his first words were “are you kidding me?”  The dark lord I refer to in this case is my boss.  He can tell you a thing or two about why data encryption is so important.  Especially now, since he is a former employee at Netegrity and, possibly, a soon‑to‑be identity theft statistic.

 

CA, Inc., formerly known as Computer Associates and buyer of Netegrity in 2004, has filed a letter with New Hampshire Attorney General’s office.  Netegrity is a recent addition to the group of companies affected by the theft of computers from Colt Express Outsourcing Services.  According to the letter, the information on 507 former Netegrity employees and dependents was in one of the lost computers.  My boss tells me that the company had about 600 employees at its peak, so he’s pretty certain he’ll get the letter informing him of the loss. (He can get a preview by clicking on the above link.)

 

Information that could possibly be breached include names, addresses, phone numbers, dates of birth, and Social Security numbers.  “Possibly breached,” since, if memory serves, the stolen computers had password‑protection as a “security measure.” (I may be wrong about this.  Colt has never, as far as I know, announced that the stolen computer had password‑protection.  I probably read it from one of the other company’s letters to the NH AG.)

 

What’s funny to me (in a clear case of schadenfreude) is that CA is stuck with this situation for absolutely no reason but bad luck.  Since former Netegrity employees, not CA employees, are affected, it’s quite obvious that it was Netegrity who had signed up with Colt in the first place.  And, I’d imagine that once CA bought out Netegrity, any remaining employees who went into CA’s fold would have had their benefits management transferred over to whoever CA was, or is, using.  Furthermore, if my logic is not wrong, at that point Colt should have gotten rid of the Netegrity data or secured it somehow.  Probably the latter, since in this lawsuit‑happy country you may need to prove your innocence someday, somehow for some reason or other.  However, Colt hadn’t secured the data.

 

So, again, CA is stuck with the mess, just like Google, bebe, and CNet, among others.  A further twist is that CA has “implemented steps to ensure that appropriate security measures are in place to prevent this kind of loss…”  Why?  I mean, educating employees about data security is a good idea in the digital age.  However, the data security breach that CA has experienced was—let’s face it—outside of CA’s control.  The company also writes about requiring vendors to sign a “Data Protection Agreement.”  Again, a good thing…but how would it have helped in a situation like Colt’s, where any bonds between the companies were severed, and the contract technically did not involve CA?  Maybe what they mean is that CA has had data security measures in place for a long time now, so the NH AG need not worry the sorry scenario will be replicated at CA proper.

 

Unfortunately, breaches can and do take the form of a “black swan” event, borrowing Taleb’s expression.  A data breach at any company is a matter of when, be it CA or any other company, no matter how successful they’ve been at information security in the past.  The good news is that there are tools like AlertBoot to decrease the potential incident of a data breach.  The bad news is there no way to eliminate data breaches.  The worst news?  You work for a pointy‑haired boss who doesn’t understand this and commissions you to find something that will literally prevent data breaches 100 %.  (If you don’t understand why, despite sounding sensible, this doesn’t make sense, there’s a good chance you are the PHB).

 
<Previous Next>

Hard Drive Encryption Could Have Eased Cleveland Clinic’s Travails

File Encryption Not On Back Up Tape, 15 Years Worth Of Personal Information Compromised

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.