Blog

Posts Tagged ‘portable hard drive’

Why You Should Use Self-Encrypting Drives

Monday, April 25th, 2011

Laptops and external hard drives are lost or stolen just about every hour of every day. It could be from an office, a car, a home, sitting at a coffee shop, hanging out in an airport terminal waiting for a flight, forgetting a bag in a taxi–it doesn’t really matter how it happens. The problem is that those laptops and drives typically contain 250GB or more of data–much of which might be sensitive or confidential in nature.

The whole point of the laptop and portable storage is to be able to be productive on the go, so it is not a practical solution to try to just ban the storage of such data on laptops or portable drives. Some workers need that data to do their jobs.

However, “locking down” the laptop with a username and password for logging in to the operating system does not protect the data. There are a thousand ways for a resourceful hacker to bypass most traditional protection and access the data contained on the drive itself.

Zecurion’s Zlock is an effective means of enforcing data policies, and minimizing the exposure of sensitive information on removable media, and Zecurion’s Zserver Suite–Zserver Storage and Zserver Backup–are great tools for encrypting and protecting data at rest on servers and backup media, but you also need to protect data on laptops and portable storage devices. There are a variety of solutions for encrypting the data. Microsoft Windows has BitLocker and BitLocker To Go for encrypting data. There are also open source tools like TrueCrypt, or secure drives like the Aegis Padlock.

You might need to resort to those tools, though–or you can consider them as an additional layer of security. The self-encrypting drive is quickly evolving from a niche premium to a mainstream commodity. The advantage of the self-encrypting drive is that the hardware-based encryption has little impact on performance, and the fact that the keys are generated and stored locally reduces the administrative overhead.

Bottom line–with self-encrypting drives becoming an established standard, there is no excuse for data on laptops and portable storage devices to be unprotected.

Tags: , , , ,
Posted in Data Storage Security | No Comments »

Portable Hard Drive Theft Puts Client Data at Risk

Monday, April 19th, 2010

A portable hard drive containing unencrypted data was stolen from the car of an LPL Financial representative, putting the names, addresses, birth dates, and Social Security numbers of an undisclosed number of clients at risk.

In LPL Financial’s defense, there is an existing branch security policy requiring that all portable hard drives or laptops storing client data must be encrypted and accessible only by use of a passcode or key. Apparently, that policy was not obeyed in this case.

There are forty-five states with some sort of disclosure law requiring data breaches be reported, but only two states–Massachusetts and Nevada–actually require that personal client data be encrypted.

It is admirable that LPL Financial has an established policy mandating that data be encrypted, but as this incident illustrates policies can be broken. LPL Financial, and other companies serious about protecting data, should have a solution in place that doesn’t rely on human intervention to function. Sensitive data should only be allowed to be written to drives with the appropriate encryption mechanisms in place.

Tags: , , , ,
Posted in Security Breaches & Data Loss Incidents | 1 Comment »