in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Laptop Encryption Software: Laptops And Backup Stolen From Alan M Casson & Associates

Alan Casson, of Alan M Casson & Associates, has signed an Undertaking with the UK's Information Commissioner's Office because of a data breach.  According to the agreement, two computers and a backup disk were stolen during a break-in.  Disk encryption software like AlertBoot was not used to secure the data on any of the devices.  Approximately 8,000 people were affected.

Locked in Cupboard, Encryption on the Way

The details in the Undertaking are as follow: burglars broke into Alan M Casson & Associates' business premises and stole two laptops and "back up media."  The laptops had been stored in a locked cupboard in a locked office.  The backup was "stored in a safe which was also stolen during the incident."  Whether this means the safe was stolen -- along with it contents -- or whether the safe was broken into and the backup was stolen, your guess is as good as mine.

It is claimed that the company was "in the process of upgrading their computer systems and software to include encryption."  The break-in occurred before this could take place, however.

According to phiprivacy.net, the company appears to be a dental practice.

Physical Security Very Fallible

Why would one opt to use encryption software to protect data?  Because the above illustrates how physical security can fail.  Physical security, if implemented correctly, is something that works very well.  Sometimes, you're forced to use nothing but physical security.  For example, a military encampment uses physical security (gates, barricades, walls, barbed wire, sentries, etc.) because, frankly, there is no other way to protect it.

However, if something necessitates guarding and there are many ways of doing so, then it behooves one to see which one is better.  When it comes to data on digital media, data encryption software is much better than physical security.

First, consider its cost and the cost of bypassing it: strong encryption, such as AES-256, is for all matters and purposes, unbreakable.  Certainly, it can be done, but it requires the resources of an NSA or a GCHQ.  In other words, it's expensive to get around the protection afforded by encryption.  And it's cost?  Around $100 / year using AlertBoot.  So, you can protect your data for $100 while the bad guys would need at least millions of dollars to bypass it.  That's what I call an excellent risk/reward ratio.

Second, encryption is security that travels with your data.  The security setup in your office -- safes, cupboards, cable locks, etc. -- are unavailable if you take a laptop from the office.  Maybe you have the same level of security guarding your home or your car; most probably, you do not.  So, the level of physical protection can vary depending on where your laptop is.  This is not so with encryption.

Consider a full disk encryption software program.  It encrypts your computer's hard drive, so, regardless of where your laptop is, the data is protected: home, office, car, etc.  Plus, even if the hard drive is taken out of the laptop and hooked up to another laptop (a common way of getting around password-protection), the encryption still protects your data.

Third, you can actually remotely wipe data, if necessary, if encryption is used.  For example, with AlertBoot, encryption key management is done over the cloud (i.e., the internet).  Consequently, it also means you can "lose" the encryption key via the internet as well.  This "key loss" is how disks are remotely deleted: without the key, the encryption software doesn't know how to convert the encrypted contents into every-day, usable content like text documents and movie files.

Physical security can't do this kind of cool stuff...well, unless you take a drone and crash it somewhere, I guess.  But, that raises so many issues at the state and federal levels that you don't want to be caught doing that.


Related Articles and Sites:
http://www.phiprivacy.net/?p=8523
http://www.ico.gov.uk/what_we_cover/taking_action/~/media/documents/library/Data_Protection/Notices/alan_casson_undertaking.ashx (Automatic PDF download)

 
<Previous Next>

Data Protection Laws: EU Looking To Make Big Changes

Data Encryption: Pulaski County Special School District Notifies Employees of Data Breach

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.