AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Hard Disk Encryption Protects Data When Accessed By Unauthorized User? Not Quite

In an article titled "Is Your Patient Data Secure?" Sara Michael makes observations on the importance of data security when it comes to patient information. Furthermore, she notes how password protection is not adequate when it comes to data security (one should opt for the use of data encryption software, such as AlertBoot endpoint security software), and that physically securing hardware is necessary.

She's right except for one tiny detail that trips up a lot of people.

Encryption Software Doesn't Protect You In Certain Situations

So what can you do to protect your practice?

One control measure is disk encryption, which uses software to protect data on the hard drive should it be accessed by an unauthorized user. The software makes it difficult for someone to remove the hard drive and read its contents on another computer. [diagnosticimaging.com]

What's wrong about the above?  Not the statement that disk encryption programs are an excellent method of protecting data.  Nor the statement that encryption makes it difficult for someone to remove the drive and read it (I'll go into that in a moment).

The wrong statement, surprisingly, is that "disk encryption...protects data on the hard drive should it be accessed..."  It might be a linguistic technicality, but if an unauthorized user has already accessed the hard drive, it means that person is already looking at unencrypted information.

Hard disk encryption, also known as whole disk or full disk encryption, is analogous to a safe, to a strongbox: If the security is "on," it takes a skilled expert with seriously expensive tools to get around it.  If the security is "off," the average 7-year-old can access it.

For a safe, security is "on" when the door is closed and the lock is in place.  Security is "off" when the door is unlocked and open, no matter how slightly.  The latter is the state when you've accessed the safe.  If a burglar breaks into your home at that exact moment, you might just as well not have a safe.

For a computer with disk encryption, encryption security is "on" when the computer is in its "off" state.  Security is "off" when you're accessing the computer's contents (just like with the safe).  If an unauthorized user has already accessed your computer, chances are that disk encryption has been bypassed already.  Furthermore, if the computer is stolen while in its "on" state (security "off" state), there is nothing that disk encryption can do for you (it's a different matter if the computer is turned off after the thief steals it).

What the above author probably meant is that encryption "protects data on the hard drive should an unauthorized user try to access it."

What about Password Protection?

Michael observed that disk encryption software makes it difficult for someone to remove the hard drive and read its contents on another computer.  What she's referring to is the slaving of a disk to another computer.

Slaving is when you take the hard drive of one computer (machine A) and hook it up to another computer (machine B).  While machine A's hard drive has an operating system (OS) installed in it, it becomes a slave to machine B -- which has its own OS -- when connected to it.  Under the circumstances, machine A's hard drive is essentially an external portable drive.

Which means that, if you had password-protection on machine A, it's not going to kick in while it's slaved to machine B.  In fact, this is one of a handful of easy ways to bypass password protection.

How does encryption software compare?  An encrypted hard drive leads to an entirely different story.  Do the same for an encrypted drive and a computer will instantly recognize it as an unformatted hard drive.  The reason?  Because encryption protects data by scrambling it, it appears as if there's no structure to the data within the drive, the classic definition of an unformatted hard drive.

Certainly, the drive may be written over and your data lost forever... but encryption still does what it's designed to do: keep your data confidential.
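An added example, not part of the original article: the check below shows why a slaved encrypted drive looks unformatted, by searching constructed sample images for filesystem and partition signatures and measuring byte entropy. `toy_encrypt` is a stand-in keystream cipher (an assumption, not a real disk-encryption algorithm), and the sample models a drive that carries no plaintext boot loader.

```python
import hashlib
import math

SECTOR = 512

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; close to 8.0 for ciphertext."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def known_structure(image: bytes):
    """Name the first recognizable on-disk structure, or return None."""
    s0 = image[:SECTOR]
    if s0[3:11] == b"NTFS    ":
        return "NTFS boot sector"
    if image[SECTOR:SECTOR + 8] == b"EFI PART":
        return "GPT header"
    # MBR: 0x55AA trailer plus a sane boot flag in all four partition entries.
    flags_ok = all(s0[o] in (0x00, 0x80) for o in (446, 462, 478, 494))
    if s0[510:512] == b"\x55\xaa" and flags_ok:
        return "MBR partition table"
    return None

def classify(image: bytes) -> str:
    found = known_structure(image)
    if found:
        return "formatted: " + found
    if shannon_entropy(image) > 7.5:
        return "unformatted, high entropy (consistent with encryption)"
    return "unformatted, low entropy (blank or wiped)"

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for a disk cipher: XOR with a SHA-256 counter keystream."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed sample: an NTFS-style boot sector followed by patient-record text.
boot = (b"\xeb\x52\x90NTFS    ").ljust(510, b"\x00") + b"\x55\xaa"
plain = boot + (b"patient=Doe,John;dx=example;" * 2400)[:65536 - SECTOR]
cipher = toy_encrypt(plain, b"constructed-demo-key")
blank = bytes(65536)

if __name__ == "__main__":
    for name, img in (("plain", plain), ("encrypted", cipher), ("blank", blank)):
        print(f"{name:10s} {shannon_entropy(img):5.2f} bits/byte  {classify(img)}")
```

The same drive contents classify as formatted before encryption and as structureless high-entropy data after it, which is what the second machine sees when the disk is attached without the key.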


Related Articles and Sites:
http://www.diagnosticimaging.com/practice-management/content/article/113619/1776505

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.