Wednesday, November 12, 2008

Scary criminal activity and data theft

Even though one knows that criminals are increasingly behind some of the larger data breaches, it not until we get hit on the head do we pay attention. I just read this recent article from USA Today about the latest attacks on corporate intellectual property - I tell you, this is serious stuff.
Any organization not taking this very seriously is doing a disservice to its stakeholders and shareholders.

The problem seems intractable - for every hole you think you have blocked two open up to allow these criminals to grab data. What does any organization do?

I think the answer lies in the data itself - one cannot go about protecting the periphery to protect the asset. One has to protect the asset itself - in this case the data. If the data itself is always encrypted, at rest as well as in motion (even when it is grabbed of the computer by malware), we might have a shot at preventing this.

Else we are putting our collective heads in the sand thinking that encrypting the laptop drive or USB device is enough...

1 comment:

Anonymous said...

Could not agree with you more, Manu! It does become a never ending spiral if one tries to block all of the exits in order to prevent data breaches. A more comprehensive solution is to protect the data itself. That's why we took the approach you suggest of encrypting the data while it's at rest, as well as in motion. But we took a step beyond as well, recognizing that data is vulnerable once it's decrypted for viewing or editing. In addition to encryption, we prevent propagation - no copying, pasting, printing, etc. So it doesn't matter whether the data is on a laptop drive, a server, or a USB device, it's always protected - even if the "wrong" person gets ahold of it. True portability. Any USB drive can be turned into a secure drive, containing personal, private information or confidential business information. We are having a no charge open beta for anyone who would like to give the technology a try with our latest product, Personal Fortress (http://www.fortressw.com/beta_reg.htm).