When we talk about encryption we often focus on laptops and desktops in public areas – computers that are at high risk of loss or theft. However the UK Ministry of Defence published details of its data loss incidents for 2008 and this report shows that while you think your nice shiny server room is protection enough – think again!. The Ministry of Defence reported the loss of an entire server from an apparently secured government building, and the loss of 1.7 million individuals’ personal data.
This loss occurred in September 2008 when it was apparently discovered that ” a server was missing following the closure of a secured government premises”. The report goes on to provide details of the data which are described as “names, addresses, details and service numbers or National Insurance numbers and medical records relating to around 700 individuals – 200 of which are reported to be active records.
Security layers
This instance is one more example of why you need a combined, layered approach to data security. While you start with security around physical obstacles, doors and locks, you have to also include information security programs like hard drive encryption software from Alertsec.
Often when laptop computers go missing, you have a quote from a security expert that sensitive data shouldn’t be on laptops. Instead, they note, secure data should only be on servers that are under key and lock, and are guarded. Well, as the Ministry of Defence discovered – the server is, by itself, not the best defence!
Size does not matter when it comes to security
A server has no special properties that will prevent it from becoming stolen. While many people think of servers as big computers, like the mainframes of olden days, the reality is that any computer can act as a server, including laptops. Even if you use equipment designed specifically as servers, that equipment is shrinking in size everyday.
While server room physical security should be enough, you have to consider if the servers can easily be transported and you have to consider what will happen to the servers when they are decommissioned. Encryption software is not just for laptops – but for any computers that store sensitive data regardless of how many layers of security you think you have in place.
On servers you can use encryption software that might be more complicated to administer – but your system administrators can handle that. On laptops and desktops you want to focus on encryption software that is easy to setup and maintain.
As the Ministry of Defence proved – your data can’t be too secure.
