The quantity of electronic data relied upon by both the private and public sectors alike are increasing at a rapid rate. But news reports on data leakage have become a regular feature and causes huge embarrassment to organizations, impacting their image and damaging the relationship with customers. Why is the lesson taking so long to learn?
Many organizations have turned to encryption as a saving grace without fully understanding the problem they face, and as a result have fallen foul. There are a number of software based solutions that sit at entry level, but often they can be bypassed relatively easily.
Instead of relying on users to encrypt data before transferring it to a portable device, isn't it better for the external device to have encryption already built in? External hard drives are available that utilize a hardware based encryption chip to seamlessly encrypt and decrypt data using military grade AES / CBC mode encryption.
In addition, it's likely that we will not have long to wait before we see notebooks coming to the market that have encryption built in to the hard drive. A marriage of technologies, the SED (Self Encrypting Disk) is the opal standard established by trusted computing. One example is the new range of laptop drives that will be completely encrypted and will sit internally in its notebooks. As a user the encryption is seamless needing only to enter an additional password when logging in and therefore is impossible to bypass.
I find it difficult to understand how anyone can justify carrying electronic data unsecured in the public domain. People must be educated as to the many different options available. However, in my opinion, transparent encryption of not just sensitive but all portable data reduces the risk of the individual either forgetting, or worse bypassing, this safety belt. The next time you decide to carry data out of the safe confines of the corporate environment, remember to buckle it up.
What's your opinion?