Locked Down in Transit

How to protect your company's in-transit data

1 2 3 Page 3
Page 3 of 3

ACS has more than 1 million tapes at its tape library in Dallas, and its standard practice is to encrypt their content. But, Leach says, some clients don't want to incur the cost and effort of decrypting the backup tapes they receive from ACS, so they request that the content be kept in the clear. "For those tapes, we have very strict packaging, signing and tracking at every step, almost like a chain of custody in a legal case," he says. "Tapes go into turtle boxes that are locked and unlocked at each end."

In addition, he says, "we insure them for a high amount, not because the tapes or CDs are worth a lot of money, but because that triggers tighter processes and closer scrutiny by the shipper."

Users report that they are studying new technologies to supplement or substitute for encryption. The state of New York is looking at thumbprint scans to protect laptops and tape cases. And ACS is examining prototypes of three magnetic devices that will erase the contents of tapes inside a locked case if it is broken open.

Iron Mountain says the best automated help of all may come from a tape inventory-control system to help eliminate the No. 1 cause of lost tapes -- human error inside the company.

Myth 5: Encryption is a silver bullet.

While encryption is often considered the best technical solution, it has drawbacks. For example, if you retrieve a tape but have lost the keys to decrypt it, you might be out of luck. Also, encrypting data before writing it to tape, a laptop hard drive or removable media can take copious computer resources. Finally, at many companies, encryption is optional or a requirement that can be circumvented.

For these reasons, Stryker doesn't encrypt laptop hard drives unless there's sensitive data on them. Sensitive information that remote users may need stays on protected servers, where it is accessed only when needed and not retained locally. Lurie acknowledges that this isn't perfect because it requires voluntary user compliance.

Lurie says his chores will be eased when Stryker moves to Windows Vista, because the operating system offers options for automatically encrypting data. "But it's a burden -- you need additional memory, and it slows down the machine," he adds.

Myth 6: If you protect your tapes and laptops, you can feel secure.

News stories have focused attention on lost tapes and laptops, but there are a number of other devices walking out your company's door every night. Lurie says mobile devices such as BlackBerries are protected at Stryker. "I have the ability to remotely wipe them out," he explains. "If lost, we send a signal to it immediately to clear the memory."

But flash drives, CDs and DVDs are more problematic, he says. Lurie's solution: "If it's not encrypted, we just discourage the downloading of sensitive information to them."

Lurie says he even worries about the humble cell phone. "We don't allow cameras in our building, but there are lots of people who have them on their phones," he says. "If someone takes a photo of someone or something and posts it on the Internet, we've got a potential liability. I'm not sure how to deal with that yet, but I've been giving it a lot of thought."

Next: Solid-state disks offer 'fast erase' features

Copyright © 2009 IDG Communications, Inc.

1 2 3 Page 3
Page 3 of 3
  
Shop Tech Products at Amazon