Veterans' Data Theft Highlights Need To Secure Data On Laptops
The people handling data, not technology, are the weakest
link in data security.
The theft of a computing device containing the names, social security numbers and birth dates of 26.5 million U.S. veterans and some of their spouses once again brings to the forefront the importance of securing securing data on a storage device or a PC.
But so far, it looks like many end users and their channel partners haven’t taken the steps needed to address the problem.
On Monday, Reuters reported that earlier this month, data on an unspecified computing device was stolen from the residence of an employee of the Department of Veterans Affairs. The employee wasn’t authorized to have that data outside the office, according to the report.
A major problem in such scenarios is that the security of the data--no matter what type of perimeter safeguards are in place--remains vulnerable at its weakest point: the people who handle the data, said Dave Cerniglia, president of Consiliant Technologies, an Irvine, Calif.-based storage vendor.
"In the VA case, it's your own people screwing up," Cerniglia said. "It's always going to be an issue. This is probably a dedicated guy who did a good job all his life who now screws up and will probably lose his job."
That has been the case with several high-profile losses of data in the past year, including insurance or human-resources data stored on laptops that were stolen or tapes were lost after being sent for archiving.
In other headline-grabbing cases, online personal data was stolen from financial firms and other companies whose networks were reportedly secure.
Last year, security breaches at ChoicePoint, LexisNexis, MCI and the Bank of America resulted in stolen account information or social security numbers for about 580,000 customers, according to research firm IDC. Also during the year, missing backup tapes from Bank of America, Ameritrade, Time Warner and Citigroup had the potential of exposing account or social security data of 5.9 million people, IDC said.
Nevertheless, businesses are not flocking to new technology designed to prevent such data loss, Cerniglia said.
"In enterprises, or in specific verticals like financial [services], it becomes an issue," he said. "But customers have other pressing problems that need to be handled. Many projects need to be done. They need to prioritize their bandwidth."
For that reason, Consiliant is eyeing opportunities in this space, according to Cerniglia.
"We're looking at what the vendors are doing, but we're not actively targeting customers yet. Before we jump on the bandwagon, it's more important to listen to what customers need," he said.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.