Data security needs layers, just like in the real world
Hard disk security - encryption, port control, software installation control
The need for data security has never been greater. Our society--and societies around the globe--is becoming more plugged-in due to the ubiquity of the internet. Such a level of connectedness is unprecedented, and the future only promises an even more interconnected world. But people's thoughts regarding data security are still stuck in the pre-Internet era. Locked doors and common sense are no longer enough; actual data security products designed to protect electronic information, like hard drive encryption from AlertBoot, are required.
Most people like life to be simple; simple things are good. However, when it comes to security, simple is never good. The reason? Security is about protecting oneself against attacks, and there are many different ways of attacking something. Hence, effective security can only be complex.
Take Fort Knox, for instance. Although many people know it as one of the biggest depositories of gold in the world, it's actually an operational military base. What better way to protect your nation's bullion than to have trained soldiers guarding it around the clock?
And these trained soldiers usually have weapons. They may have rifles for a ground assault. They probably have helicopters in the event of an air assault. They're issued gas masks since there is the possibility of poisonous gas being used. In other words, they're prepared for different attacks.
Walls, barricades, arms, defense...layered security.
Now consider what you're using for data security. Chances are it consists of your office door, the same door that is opened every night by the janitor to empty out your wastebasket. If your company routinely deals with sensitive data--including something as simple as a list of SSNs and names--you're just setting yourself up for a data breach, in the sense that pretty much anyone can go through your defenses...including the janitor.
Even if the janitor didn't sign up with your company primarily to steal company secrets (something that does happen, although I'm not sure how frequently), he could be approached by an outsider to do the same (something that happens much, much more frequently).
And what about those instances where an employee (admittedly by mistake) loses a company laptop computer with sensitive data at the airport? Or maybe it was a USB disk...how are their office doors going to protect the data in such instances?
(That's a rhetorical question.)
This is not to knock the efficacy of doors and other physical security, like cable locks. I'm using one now as I type on my laptop at a Starbucks. There is the advantage, after all, that doors and such not only protect your data, they generally prevent your computer from being stolen (in such cases, physical and data security are one and the same: as long as the computer is not stolen, the data is safe--well, unless a hacker and the internet are involved, but that's another issue).
All I'm pointing out is that if you require data protection, there are different issues to be considered, just like the guys at Fort Knox have to deal with ground attacks, air strikes, and Goldfinger-wannabes putting everyone to sleep (literally). Keeping your data in a secure environment--behind locked doors--is the ideal scenario.
But, if employees at your workplace regularly use portable devices like USB memory sticks and travel with laptops...well, the ideal scenario is no longer sustainable.
While there are many different products out there, I'd like to briefly cover why encryption, USB port security, and application control may be necessary when it comes to company-issued computers.
Full Disk Encryption (FDE)
Encryption is one of the more effective ways of protecting your data. It works by scrambling your data, and the more recent methods make it virtually impossible to reverse-engineer the data. That is, while encryption works on the same concept as a Jumble! word puzzle, the methodologies for scrambling the information are so advanced that people have pretty much given up on breaking it.
The only practical way to gain access to the data is to provide the password. This, of course, means one has to pay attention to protecting his or her password.
FDE is actually a particular type of encryption: it encrypts every single byte of data on a hard disk. This way, if a computer is stolen, the contents are protected no matter what, and regardless of whether sensitive data was placed on that computer or not. It should be pointed out that the information is only protected as long as it's on the disk. Copy it off to a CD or a USB memory stick, and the information is not protected anymore.
USB Port Security
Even if FDE is used, there is the problem of copying data off of a computer (still possible even if disk encryption is used). Many companies have gone the way of MacGyver and used their own homebrewed solutions to prevent USB ports from being used, including superglue, drills, and pliers.
The problem with such an approach is that it cripples the functionality of the USB ports forever, even for legitimate tools, like a computer mouse.
A better solution is USB port control (unless, of course, you actually enjoy partially mangling brand new computers). Included as part of the AlertBoot encryption software suite, and available as a standalone application from other providers, it allows an administrator to control what devices can work with the computer: all types of mice, yes; flash drives, no (or rather, "maybe": it is possible to specify that certain USB drives can be used while others cannot, which would allow encrypted USB memory sticks to be used, for example).
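The decision such a port-control tool has to make can be sketched as follows. This is an added example, not AlertBoot's code or any product's API; the `UsbDevice` type, the `decide` function, the allowlist entry and the sample devices are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

HID, MASS_STORAGE = 0x03, 0x08  # USB interface class codes

# Constructed allowlist of approved encrypted drives: (vendor id, product id, serial).
APPROVED_DRIVES = {(0x1234, 0xABCD, "ENC-0001")}

@dataclass(frozen=True)
class UsbDevice:
    vid: int
    pid: int
    serial: str | None
    interface_classes: tuple[int, ...]  # one entry per interface the device exposes

def decide(dev: UsbDevice, approved=APPROVED_DRIVES) -> tuple[str, str]:
    """Return (verdict, reason); every interface must pass, anything unknown is blocked."""
    if not dev.interface_classes:
        return "block", "device reports no interfaces"
    for cls in dev.interface_classes:
        if cls == HID:
            continue  # mice and keyboards
        if cls != MASS_STORAGE:
            return "block", f"interface class 0x{cls:02x} is not permitted"
        if dev.serial is None:
            return "block", "storage without a serial number cannot be matched to the list"
        if (dev.vid, dev.pid, dev.serial) not in approved:
            return "block", "storage device is not on the approved list"
    return "allow", "all interfaces permitted"

# Constructed sample devices.
MOUSE = UsbDevice(0x1111, 0x0001, None, (HID,))
UNKNOWN_STICK = UsbDevice(0x2222, 0x0002, "X9", (MASS_STORAGE,))
APPROVED_STICK = UsbDevice(0x1234, 0xABCD, "ENC-0001", (MASS_STORAGE,))
COMBO = UsbDevice(0x3333, 0x0003, None, (HID, MASS_STORAGE))  # input + storage in one device

if __name__ == "__main__":
    for d in (MOUSE, UNKNOWN_STICK, APPROVED_STICK, COMBO):
        print(f"{d.vid:04x}:{d.pid:04x}", *decide(d))
```

The class is declared per interface, so a device is judged on all of its interfaces rather than on the first one. Vendor, product and serial values are reported by the device itself, which is why the policy blocks by default instead of trusting anything it cannot match.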
Software Control
One of the problems computer administrators face is the fact that, once the computer leaves their hands, the end user is pretty much in total control of the computer. For example, think of all those instances where a company had a data breach due to file-sharing software.
P2P programs like LimeWire and eMule are...well, they're great, but they're usually not business applications. To date, I don't know of any IT administrators who have admitted to authorizing their use on corporate machines. It's safe to assume that it's the actual users of laptops that are installing such software, most probably against company computer usage policies (never read, rarely followed).
If you're looking for an easy way to control what applications can (or cannot) be installed on a computer, application control might be a lifesaver. The concept is similar to the USB port control I've mentioned above, where a list of authorized or unauthorized products is created.
The computer prevents the installation and use of software programs based on these lists. Indeed, it may work to prevent malware from installing on computers (although the use of antivirus and other such software is still highly recommended).
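The two kinds of list behave differently for software that appears on neither, which the following added example shows (it is not code from the original post or from any product). It assumes programs are identified by the SHA-256 of their contents; the mode names, the `may_run` function and the byte strings standing in for installers are constructed.

```python
import hashlib

def digest(data: bytes) -> str:
    """Identify a program by the SHA-256 of its bytes rather than by its file name."""
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for the bytes of three installers.
SPREADSHEET = b"constructed bytes: approved spreadsheet installer"
P2P_CLIENT = b"constructed bytes: file-sharing client installer"
P2P_OTHER_BUILD = b"constructed bytes: file-sharing client installer, later build"

AUTHORIZED = {digest(SPREADSHEET)}    # list of authorized products
UNAUTHORIZED = {digest(P2P_CLIENT)}   # list of unauthorized products

def may_run(data: bytes, mode: str) -> bool:
    """mode 'authorized-only': default deny; mode 'unauthorized-blocked': default allow."""
    h = digest(data)
    if h in UNAUTHORIZED:
        return False              # an explicit block always wins
    if mode == "authorized-only":
        return h in AUTHORIZED    # anything not listed is refused
    if mode == "unauthorized-blocked":
        return True               # anything not listed is accepted
    raise ValueError(f"unknown mode: {mode}")

def report() -> dict[str, tuple[bool, bool]]:
    """Verdict per sample as (authorized-only, unauthorized-blocked)."""
    samples = {"spreadsheet": SPREADSHEET, "p2p": P2P_CLIENT, "p2p-other-build": P2P_OTHER_BUILD}
    return {name: (may_run(b, "authorized-only"), may_run(b, "unauthorized-blocked"))
            for name, b in samples.items()}

if __name__ == "__main__":
    for name, verdicts in report().items():
        print(name, verdicts)
```

Only the authorized-only list refuses the build that nobody has catalogued yet, which is the behaviour that also helps against malware; a list of unauthorized products has to be updated for every new build.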
Using all of these--or even just one--will go a long way towards minimizing a company's chances of experiencing a data breach.