
Your Computer Network Solution
Using Data Encryption to Help Protect Sensitive Customer Data
Hardly a week goes by without hearing or reading about another breach in security, loss of credit card numbers, or theft of sensitive information. Combine that with the fact that in 2008, portable notebook sales exceeded desktop unit sales, and you find that we are becoming increasingly mobile and we are bringing our data with us.
So, think about this… right now, take that new notebook computer of yours and leave it on a park bench in downtown Seattle. I don’t imagine that it will take very long before it goes missing. Now how much information is there on that machine that you would not want to lose? More importantly, how much company - or worse, customer - data would you want to fall into the wrong hands?
Plan on it happening! Theft of notebook computers is commonplace, so we should anticipate that this could (perhaps will) happen to us. How can we mitigate the risk?
Recognizing that not all of the data on a computer is sensitive, we explored different solutions for protecting the data we would consider private or otherwise sensitive. The most common way to protect data is to electronically encrypt it into a format that can’t be read unless you possess the encryption key. Most notebook computer vendors, as well as Microsoft, provide options for encrypting the entire hard drive of a notebook computer. This is a fine solution for those who want the highest degree of protection, but it generally involves wiping the machine clean and starting from scratch with the intention of encrypting the entire volume. This is time intensive and can be difficult to accomplish for the non-technical user. Furthermore, there is a cost in terms of operational performance: encryption and decryption are processor intensive. We were looking for a way to protect some, but not all, of the information contained on the notebook.
We explored a free open-source solution from TrueCrypt that creates a virtual encrypted disk within a file that appears as a normal Windows volume. Data can be stored on the volume and it is automatically encrypted and decrypted as needed.
Setting up a new encrypted volume is simple. Select Create Volume, give the new volume a file name, and provide a key (password) for the store. Volumes can be any size, and once mounted (given a drive letter), they can be used immediately. I created a volume named secure.doc (looks to the casual user like a typical Microsoft Word file). When I start TrueCrypt, select the file, and provide the password (key), the volume is mounted as an S: drive. I can store virtually anything I want on that drive, knowing that if someone gets hold of the file, they will not be able to access any of the data contained within it. Even using bit-level file editors, the file just looks like random data.
Using this approach, I can store any sensitive files on my “S drive” and know that they are protected. The file containing the secure information can be copied from device to device. This is a good approach to use when you are using a thumb drive. If the thumb drive is lost, no accessible information would be compromised.
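The "looks like random data" property described above can be checked directly, and it also shows that a .doc name only disguises the container from a casual glance. The following is an added example, not part of the original article or of TrueCrypt; the function names, the 7.9 bits-per-byte threshold, and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Header of a genuine legacy Word .doc file (OLE2 compound file signature).
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify_doc(name: str, data: bytes, threshold: float = 7.9) -> str:
    """Classify the leading bytes of a file that is named like a Word document.

    threshold is an assumed cut-off; compressed files can also exceed it,
    so the result is a hint for review, not proof of encryption.
    """
    if not name.lower().endswith(".doc"):
        return "not-a-doc-name"
    if data.startswith(OLE2_MAGIC):
        return "word-document"
    if shannon_entropy(data) >= threshold:
        return "possible-encrypted-container"
    return "unknown-format"

def sample_inputs() -> dict:
    """Constructed samples: hash output stands in for encrypted volume bytes."""
    container = b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048)
    )  # 64 KiB of deterministic, random-looking bytes
    word = OLE2_MAGIC + b"\x00" * 504 + b"Quarterly report draft. " * 2000
    return {"secure.doc": container, "report.doc": word}

if __name__ == "__main__":
    for name, data in sample_inputs().items():
        print(f"{name}: {shannon_entropy(data):.3f} bits/byte ->",
              classify_doc(name, data))
```

The encryption, not the file name, is what protects the contents; an inventory or data-loss-prevention scan can use the same check to find containers whose keys need to be on record.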

Keep in mind that, as with any encryption solution, the security lies within the key. If you lose or forget your key password, your data will be inaccessible to you as well. This can present a security challenge to businesses where employees have autonomy to create and change keys. If an employee leaves the company for any reason, steps need to be taken to have access to the keys.
High-end security solutions include key management functions to provide executive access to all keys used within a company. If you deploy TrueCrypt or other off-the-shelf solutions, make sure that someone in authority has access to all of the keys.
For more information, or if we can help you set up encryption to protect your data, call Chris Faist, Integrated Computer Systems Solution, at 425-284-5410.



