An article in the UK’s Daily Mail said that a used hard drive recently purchased on ebay included test launch procedures for Lockheed Martin’s THAAD (Terminal High Altitude Area Defense) missile defense system used to shoot down Scud missiles in Iraq. Also on the same disk were security policies, blueprints, and employees’ personal info. Confidential corporate data was found as well.
British researchers found the data while studying more than 300 hard disks bought at computer auctions, computer fairs and eBay. A spokesman for BT said they found 34 per cent of the hard drives scrutinised contained ‘information of either personal data that could be identified to an individual or commercial data identifying a company or organisation.’
It really isn’t that hard to ensure the security of your data at rest (that which is being stored on disks, tapes, CDROMs, DVDs and so on). If you cannot maintain control of the media, then you need to encrypt the data on the media. There are literally dozens of ways to do this, with the simplest being Full Disk Encryption (FDE). In addition to hard drives from Seagate and other vendors with native encryption capabilities, several companies offer software to do this on Mac, PC, Linux, and other desktop operating systems which is completely transparent to the operating system. When the user is logged off or if the drive is pulled from the system, the data is unintelligible unless someone has the encryption key.
There are also dozens of solutions for servers, including, encryption SAN switches, software encryption libraries, encryption key managers and so on.
Several companies such as SanDisk, IronKey, and Kingston sell USB flash drives with hardware encryption chips built into the drive. Even the cheapest least expensive SanDisk Cruzer with U3 software offers encryption capabilities. No password, no data. Leave your drive in the seat pocket of an airplane? No problem!
So why do we still hear stories about hard drives bought on ebay and flash drives left in taxis? If it’s because military and business leaders don’t realize how easy it is to protect their data, I would like to help. If you want to learn about many of the options available to protect data at rest, please join me for my session on volume level encryption at the HP Technology Forum on Thursday, June 18 at 10:30 AM in Banyan E. You don’t need to be a tekkie to attend, but you do need to care about keeping your organization’s confidential information secure.
