Wednesday, June 3, 2009

Data Loss

There have been numerous incidents of data loss over recent years, many from lost hard drives, pc's, smart phones, and other mobile or moveable devices. Last month, in May, a particularly notable one took place in Britain, where a hard drive went missing which contained personal information for 500 RAF officers. Indications were that the information was sensitive and could open the officers up to blackmail.

Few precautions appear to have been taken by the RAF to safeguard the data. The incident therefore laid bare some of the lessons that can and should be learned from these incidents. Moveable data is a phenomenon that is common, here to stay and that needs to be addressed by most organizations and companies. Virtually every organization and company handles sensitive and/or personal data of some kind.

The issues needs to be addressed by first clasifying data according to its importance and sensitivity. Then the more sensitive data needs to be encrypted. Finally, Data Loss Prevention techniques need to be considered for adoption. In order to devise these techniques, the company needs to follow the data. Determine where it is and where it is at most risk. The CICA Information Technology Advisory Committee is soon to release a white paper on this topic called Data Centric Security. Watch for it. A summary of the RAF incident is now on the Security Planet Site.

No comments: