It seems you can't open a newspaper without encountering yet another story about a calamitous data leak. Bank of America, ChoicePoint, Citibank, Ernst & Young, the Veterans Administration, Wells Fargo -- all have collectively misplaced millions of records over the past two years.
Bob Gligorea knows about data leaks from both sides. As information security officer for Exchange Bank, he's responsible for ensuring that the bank's data stays where it's supposed to -- in the bank. But he also was the victim of a data spill last February, when the American Institute of Certified Public Accountants lost a hard drive containing 330,000 unencrypted Social Security Numbers, Gligorea's included. His consolation prize? One free year of credit monitoring.
"There's no excuse for businesses to store customer data on desktop or portable computers without encrypting the data," Gligorea says. The bank recently began encrypting its backup tapes and does not allow customer data to be stored on desktops or portables. It has also implemented additional security measures to ensure that any data files being sent outside the bank are encrypted to prevent unauthorized disclosure of customer data.
Portable devices also are causing many IT managers to lose sleep. "In the past, organizations used to be concerned about laptops not behind their firewall," says Warren Smith, vice president of marketing at GuardianEdge Technologies, maker of encryption software. "Now they're concerned somebody could drop in a 3-Gig USB drive, inside or outside the corporate perimeter, and walk away with some serious information."
Many large enterprises are quickly adopting end-to-end encryption, and SMBs are following suit, Smith says. But it's hard to police something as small and ubiquitous as thumb drives. "Many organizations would be shocked to find out how mobile their data really is."
Other potential sources of data leaks are those Blackberries and Treos in everyone's pocket, says Sara Gates, vice president of identity management at Sun Microsystems. "PCs are moving down in importance in terms of accessing data. Everything is moving to the edge -- to Blackberries, Treos, and other wireless devices," she says.
But Gates acknowledges that even the most advanced corporations are years away from that kind of bullet-proof identity management.
Nightmare on Config Street
What does it take to bring down a Web server? Try a misplaced comma in a configuration file. That tiny typo once took three servers offline for a major player in the hospitality industry, says Jim Hickey, vice president of marketing at mValent, a producer of configuration management products. A routine check of configuration files using mValent's Integrity app uncovered the error, which might otherwise have gone undetected.