Wave Systems Corp. (fka WAVXQ)

[jakes_dad]

is your sensitive company data ready for WikiLeaks?

December 2, 2010 By Paul Guckian

The news that secret data from US government and banks has ended up on the controversial website WikiLeaks has led to a few red faces in US, UK and international governments. Having invested millions in data security, they are still realising that the weakest link still remains – it’s called people. IT systems and automated controls behave consistently and rationally at all times (assuming that they have a reasonable level of quality). People don’t.

At the start of Dec 2010, Bank of America shares dropped 3% on the speculation that it will be the next high profile target of the controversial whistle-blowing website. In an interview to a niche computing magazine in Oct 2009, Mr Assange boasted that he has the contents of a Bank of America executive’s hard drive. Bank of America executive have recent memories of regulators and political bodies sifting through their internal communications and memos. They will not be best please to have a full public examination of them as well.

“Perhaps, it’s time for a Data Encryption 101 lesson for all business owners, managers and senior executives” suggests Peter Craig, Chief Technical Officer at Delaney. There are two basic types of encryption – hardware and software. Hardware is faster and more secure, but it’s a bit more expensive upfront, albeit a bit cheaper in the long run. Software has two levels – whole disk encryption and file based encryption. As the names suggest, whole-disk ensure that the whole disk including boot partition is secured, while file-based encryption relies on selecting individual folders and files. Securing the boot partition is important because that stops the machine booting up, and makes getting unauthorised information significantly more challenging. Therefore, most sensitive organisations would not consider file-based encryption but opt for popular whole disk options such as SecureDoc by Winmagic, Safeboot by McAfee and SecureDrive by Softex .

But wait! Hardware based encryption is about to get a lot more exciting. The Opal Security Subsystem Class industry standard specification from the Trusted Computing Group is revolutionising the ability of hardware manufacturer to develop and deploy hardware encrypted drives which can work with multiple software solutions. There is no waiting for the hard disk data to encrypt itself for many hours. It’s all done “on the fly”. When you take into account the time saved with installing and deploying the software solution, the small additional upfront cost is more than offset by the saving in support costs over the lifetime of the drive. In short, it has a much lower total cost of ownership and it is much more secure. Win-win.

Paul Guckian, CEO at Delaney says “I’m willing to bet that executives at Bank of America are wishing right now that their IT department had invested a few more dollars in their laptop hard drives”. Is your organisation ready for WikiLeaks? Is it worth considering what hard drive you are putting your data on? Do the maths yourself, and work out how much your company’s data cost your organisation to acquire. Then consider the small insurance premium of data security. Being the star of “WikiLeaks” or the next copy-cat website in your industry won’t do much for your career prospects, but it might make you famous.

http://www.delaney.eu.com/industry_news/2010/is-your-company-data-ready-for-wikileaks/