Virtually Me

Colin's Technical Ramblings
  Home  |   Contact  |   Syndication    |   Login
  15 Posts | 0 Stories | 1 Comments | 6 Trackbacks

News



Other Blogs

Dave Oliver's Blog
Angus' Tech Blog
John Grove on Servers & Storage

Archives

Post Categories

MP3s - The big security risk in 2006

I've just come across an interesting piece on the BCS web site when Martin Allen is advocating that all employees in the organisation should employ encryption when copying data onto a mobile device, whatever that may be (not just the notebook or PDA, but also the USB stick or MP3 player).  Those of us in corporate IT have a huge educational challenge in front of us to get the message across about data security.  IMHO encryption tools are going to have to become as ubiquitous as anti virus software is today.  Until sys admins commonly deploy the tools that make it happen without the end user having to think too hard about what they are doing, it will be down to the end user and those focused on corporate security who will keep data secure.

Now call me cynical but Martin Allen is MD of a vendor supplying products aimed at increasing the security of mobile devices and removable media.  Is he just stirring up hype, feeding us FUD or is there really a need for these products?  Is everyone carrying corporate databases in their pockets or are they just happy in their work?  You tell me!

Now I'm off to balance my accounts...

 

...where did I leave that USB stick? 

posted on Sunday, April 02, 2006 6:39 PM

Feedback

# re: MP3s - The big security risk in 2006 9/7/2006 4:37 PM Mad Mike
Of course, encrypting mobile devices like this is a waste of time. As all encryption can be broken, given access to the device (assuming it is stolen), it is only a matter of time before the encryption is surpassed. All encryption does is buy you time. This therefore comes onto the data. Is the data self-expiring. In other words, after a certain period of time, does the data become useless. If the answer is yes, encryption is for you and you simply use one that should last longer than the expiry period of the data. Therefore, if someone manages to decrypt the data, it is useless. However, if the data is non-expiring, no matter how long the encryption lasts, the data will eventually be obtained and can be used. This is where the second string to encryption comes in. This is cost/benefit. If the cost of defeating the encryption is greater than the value of the data, again encryption works.

For data that is valuable and does not fit either of the above categories, encryption is of no use. The only option is to use a technology that cannot be broken. One example might be fingerprint scanning USB sticks. That would be fine unless they come looking for your finger!!!! In that case, the data is so valuable, you really should be employing bodyguards!!

Anyway, the moral is simple. Encryption is not of itself a solution to data security. It is a tool and helps, but it isn't the answer.

Post A Comment
Title:
Name:
Email:
Website:
Comment:
Verification: