Learning about how to defend information inside your computer or on your company network is easy. A closer look at the proper care of that information might not seem to be a high priority until we start to consider that identity theft is the fastest growing problem we face. If you wait until someone has stolen your identity – it will be too late. Consider the consequences of having your bank account drained, credit cards maxed out, and the possibility of someone obtaining a new driver’s license and credit cards in your name. Think about them making big purchases that could easily destroy your good name and credit standing. Suddenly information protection becomes a top priority.
Your efforts at repairing your credit would include the time and expense of closing existing accounts and opening all new accounts, and could stretch to months or possibly years. Also consider what happens to your credit and lifestyle during this type of mess. The news media is already filled with horror stories. In the face of that possibility it makes sense to spend money on the security controls that will have the greatest impact in avoiding the potential losses that accompany identity theft.
So let’s start from the point that protecting data-at-rest is critical in today’s interconnected environment where we have highly mobile data and decreasing device size. Personal identity information or sensitive information stored on devices such as laptops, thumb drives and PDAs is often unaccounted for and unprotected, and can pose a problem if these devices are compromised.
From an attacker’s point of view, the information inside your computer – data at rest, such as the data on your hard drive, in databases and computer file systems, the files stored on your Network Attached Storage (NAS) units or Storage Area Networks (SAN), and the information on company file servers – is much more attractive than what is found being sent across the Internet in encrypted form. That is because data at rest is typically not encrypted. That is – the information on your computer hard disk is readable by anyone with the ability to get into your file system.
When information is encrypted it is made unreadable and it takes effort on the part of the attacker to break the code to read the information. So the attraction of data at rest is that it is where the money is. No – you are not likely to have hard dollars or Euros on your hard drive. You will, however, certainly have valuable information stored there. This is because our computers store things like credit card numbers, social security numbers, intellectual property, financial information and company process information on the hard disks. Sometimes we save information on our computer hard disk without knowing how it is done or even realizing what we have done. Anyway, those things we can’t afford to lose are exactly what the malicious attackers and rogue employees are trying to take from us.
As computer users become more aware of how certain types of technologies work – the information on our computer becomes more widely accessible and this makes our computers more vulnerable to attack. Reports of source code for commercial software being stolen and the loss of customer, employee and client data are so common that we no longer find these reports shocking.
Don’t get me wrong, other types of crimes are taking place and data in transit does have vulnerabilities, but that is NOT the focus of this article. Good network managers everywhere are working hard to ensure that information sent across the wire is encrypted. There are some who are working to encrypt even the internal network traffic. That is because the attackers are getting better at using sniffers anywhere on the network to enable them to see all traffic with ease. There are those attackers who have the expertise to break in and install a sniffer and glean our network traffic remotely.
That brings us to the point – what should be done to thwart the attackers who are the most daring? Well, the short and easy answer is that encryption of data-at-rest is now possible and at a reasonable price.
So just what is Data-at-rest? Data-at-rest is the term used to describe all the information inside your computer that is stored on the hard disk or other permanent storage media. This definition, of course, excludes the information that is traveling across a network or the information that is temporarily in the computer memory chips. Our focus here is to consider where the credit card information and social security numbers are kept and make that safe from prying eyes.
Let’s revisit the fact that identity theft is potentially devastating. The cost of a reliable data at rest solution such as Check Point’s FDE is nearly trivial. The call to action is clear – there is a tremendous value proposition so we should each be doing what we can to ensure we’ve closed the door on would-be attackers.
For a long time, businesses, government agencies, and other institutions have been (and are still) concerned about the ever-present threat posed by attackers to their important data at rest. In order to keep data at rest from being accessed, stolen, or altered by unauthorized people, security measures such as data encryption and specialized types of password protection schemes are commonly used.
One example of strong protection for data is found in the organizations that work with medical and financial information, which requires special handling. These solutions are typically global and expensive and they are used in conjunction with specialized security measures that keep that type of information safe. Now that data-at-rest encryption is available for the home user and small business we simply need a formula to determine how much our data is worth. Companies will typically prioritize the importance of their data and create what is called a trade-off study. The home user might not immediately think of the value of his or her information because the value of a picture of a certain kitten, a picture of our family, or a credit card number isn’t a precise amount. However, the value of our time in correcting a stolen identity can be seen in terms of the time it takes to change credit cards and then the burden of contacting every company we do business with to change all of our information.
Keep in mind that in today’s computing environment of the Internet we are all interconnected. That means that the good guys and the bad guys are both on the wire that you use to connect to any peer service for things like music downloads, Facebook, MySpace, online banking, or any other company for the purpose of performing any financial transaction. It is not paranoia if you really are being watched. Know it and act accordingly. See this link to ALERTSEC solutions page with definitive pricing.
In another blog entry we will further discuss what browser cookies are, how they store information on your computer automatically, and how to think about protecting yourself with data at rest encryption.
Until then – Cheers!