Massachusetts Data Protection regulations require that data on portable devices be encrypted. As I've written about previously, we have encrypted all our laptops with McAfee Safeboot/Endpoint
However, it's commonplace for folks to back up their data on removable USB drives. How can we ensure portable drives are protected?
The answer is hardware encryption. I tested the Maxtor BlackArmor 160GB Encrypted Portable Drive and it's my cool technology of the week.
Here are the specs:
» Hardware-Based Full-Disk Encryption: Prohibits access without a password, no exceptions - not even a professional data recovery service can access the data without the password.
» KeyErase™: Permanent removal of encryption key allows secure redeployment of the drive.
» USB Powered: Powers your drive and ensures fast data transfer-
» 5400RPM, 8MB Cache Buffer: For fast drive performance and fast access to your files.
» Backup Software: Maxtor Manager software lets you easily set your automated backup schedule, sync to multiple computers, and restore files.
» Capacity (Model #): 160GB (STM901603BAA1E1-RK)
» RPM: 5400
» Cache Buffer: 8MB
» Interface: USB 2.0
» Bus Transfer Rate: USB 2.0 480MB/sec
» Dimensions: 5.17" H x 3.32" W x 0.67" L [131.2 mm x 84.2 mm x 16.9 mm]
» Weight: 7.20 oz [204.12 g]
» Warranty: 5 years
The software provided autostarts upon USB connection and sets the drive password. It only runs on Windows, so I had to test the device on one of our clinical subnotebooks - a Dell laptop running XP.
The drive mounted without a problem, queried for a password, and enabled me to place data on the device without error. Each time I reconnect the device it queries for my password. Without the password, the data is completely unreadable - I cannot even see the file names.
A portable, inexpensive, removable, hardware encrypted data store that complies with all current federal and state data protection regulations.
That's cool!
That is indeed a cool technology. We're going to see more and more requirements for our "data at rest" as the years go on. And it's just good practice. We encrypt our data when they go over the wire, so we should do it at their endpoints, too.
When not in a corporate environment, I encrypt most of my machines with http://www.truecrypt.org, an open-source crypt that works on the big three platforms (win, linux, mac). It's not the world's easiest thing to set up, but it works and it's free. If you're comfortable setting up Linux on your own, this should be a piece of cake. Vegan cake, of course, Doctor.
Encryption is important...
We also use Computrace from Absolute Software for remote data deletion and theft protection. Has some great tracking and monitoring features too.
*(have a happy birthday this weekend John :-)*
There is the other end to this whole data at rest issue. As long as the desktops and laptops allow any kind of a USB or Bluetooth device, the data is not truly secure. There has to be a standard by which any device that connects with the laptop does a handshake ensuring that the device is protected. Then alone should the two devices be allowed to talk.
What about data and e-mails we have on our smartphones/PDAs?
Most of us carry today a smartphone that is sync'ed with our e-mail but also can text or save data to SDcards/USB.
I think that it is clear that data security and privacy regulations mandate the protection of data, no matter where it is stored. Furthermore, it is easier to misplace/lose a cellphone than a laptop.
Glen says it best, I think. It's an end to end thing. When implementing security, you do it for the business and the entire workflow. If data needs to be encrypted/audited across its whole chain, then the data needs
PKI/Escrow and centralized Authn/Authz are core components for an Enterprise Security system. Once implemented, it is possible to have end-to-end encryption on just about every nook and cranny on networks and mobile devices. Of course the key to that is "once implemented".