Veterans' Data Theft Highlights Need To Secure Data On Laptops
The people handling data, not technology, are the weakest
link in data security.
The theft of a computing device containing the names, social security numbers and birth dates of 26.5 million U.S. veterans and some of their spouses once again brings to the forefront the importance of securing securing data on a storage device or a PC.
But so far, it looks like many end users and their channel partners haven’t taken the steps needed to address the problem.
On Monday, Reuters reported that earlier this month, data on an unspecified computing device was stolen from the residence of an employee of the Department of Veterans Affairs. The employee wasn’t authorized to have that data outside the office, according to the report.
A major problem in such scenarios is that the security of the data--no matter what type of perimeter safeguards are in place--remains vulnerable at its weakest point: the people who handle the data, said Dave Cerniglia, president of Consiliant Technologies, an Irvine, Calif.-based storage vendor.
"In the VA case, it's your own people screwing up," Cerniglia said. "It's always going to be an issue. This is probably a dedicated guy who did a good job all his life who now screws up and will probably lose his job."
That has been the case with several high-profile losses of data in the past year, including insurance or human-resources data stored on laptops that were stolen or tapes were lost after being sent for archiving.
In other headline-grabbing cases, online personal data was stolen from financial firms and other companies whose networks were reportedly secure.
Last year, security breaches at ChoicePoint, LexisNexis, MCI and the Bank of America resulted in stolen account information or social security numbers for about 580,000 customers, according to research firm IDC. Also during the year, missing backup tapes from Bank of America, Ameritrade, Time Warner and Citigroup had the potential of exposing account or social security data of 5.9 million people, IDC said.
Nevertheless, businesses are not flocking to new technology designed to prevent such data loss, Cerniglia said.
"In enterprises, or in specific verticals like financial [services], it becomes an issue," he said. "But customers have other pressing problems that need to be handled. Many projects need to be done. They need to prioritize their bandwidth."
For that reason, Consiliant is eyeing opportunities in this space, according to Cerniglia.
"We're looking at what the vendors are doing, but we're not actively targeting customers yet. Before we jump on the bandwagon, it's more important to listen to what customers need," he said.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.