informa
Commentary

Protecting Bob In Accounting, From Himself

Of the hundreds of data loss incidents in 2007, it seems the majority involved some type of lost storage media or notebook. If only the companies had used, or were certain that encryption had been in place, then the customers of GE Money, Accenture, the Department of Veterans Affairs, and too many others to list would be sleeping better. It's a problem that's only going to get worse as more data is held on portable storage devices, such as USB devices, smartphones, and even MP3 players.
Of the hundreds of data loss incidents in 2007, it seems the majority involved some type of lost storage media or notebook. If only the companies had used, or were certain that encryption had been in place, then the customers of GE Money, Accenture, the Department of Veterans Affairs, and too many others to list would be sleeping better. It's a problem that's only going to get worse as more data is held on portable storage devices, such as USB devices, smartphones, and even MP3 players.It's just too tempting to toss that report, or customer data detailed on that spreadsheet, on that iPod if no other device is available.

Hey, it's better than e-mailing the data, in the clear, to your home account. Isn't it?

And if large corporations and government agencies can't seem to get into the habit of encrypting sensitive information, how can you expect Bob in accounting to do the same? Besides, encryption is a hassle. It's another step between Bob and his spreadsheets. Who needs more friction in their lives?

Security vendor McAfee hopes it's found a way to get more of us to use crypto. Last fall the company scooped up little-known startup SafeBoot for $350 million. SafeBoot was bringing to the U.S. market its data protection suite designed to encrypt files, folders, and entire drives on mobile devices: PDAs, smartphones, USB drives, and notebooks.

On Monday, McAfee said SafeBoot's technology is now part of the company's suite of data leak protection and end-point security products that aim to control how information is permitted to flow through, and out of, an organization. For instance, a company could forbid the transfer of information from desktops to removable storage devices.

With SafeBoot now part of the offering, it presumably will be easier to lock down those gadgets, so if they're lost nothing of value can be gleaned from the drive. Will Bob do it? Will more companies now use encryption?

If history is any indication: no. Most users have shunned encryption because it's clunky. But now, the excuses for not doing so are getting even thinner.

Recommended Reading: