Oftentimes—actually, most of the time—I write articles about some sordid data breach or other; a hack, a theft, a massive intrusion, many of which likely could have been prevented by encrypting people’s sensitive data. So when I finally stumble upon a storyabout the use of encryption continuing to grow as more and more companies need to address consumer concerns, that makes me happy. Well, maybe happy is too strong a word…’Reasonably satisfied’, maybe.
Either way, it’s about time, too, with the federal “wall of shame” tally surging recently. Beginning with 2009, the tally catalogues incidents of major data breaches (breaches affecting 500 or more individuals), the total as of April 23 of this year reaching 966, and affecting a whopping 31.1 million people. Few things could be more revealing regarding the need to protect data; and yet, while deployment is reportedly on the rise, implementing an actual policy seems to remain a challenge. “For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge, but questions should be asked about the broader topics of policy issues and choice of encryption algorithms,” says Larry Ponemon, chairman and founder of the Ponemon Institute, of a recent study. Key management proves tricky business; over half of the respondents in the Ponemon survey rated the task of managing keys and certificates a 7 on a 1-10 scale. Well, baby steps, I suppose.
There is another item of note is highlighted by the tally, which coincides with numerous incidents I’ve covered in the past. While wanting to avoid the wall of shame is logical, we shouldn’t overlook the tiny footnotes torturously scrawled at the bottom, which in this case are the fact that the loss or theft of unencrypted devices—laptops, USBs—constitutes the primary cause of major breaches. Something so simple and perhaps overlooked when we talk about security policies and strategies and other issues of such sweeping range. The $250,000 settlement QCA Health Plan reached with the HHS Office for Civil Rights (OCR), prompted by a HIPAA compliance investigation after a stolen laptop led to a data breach that affected 148 people (a number insufficient to make the federal tally), reminds us not to neglect the mundane. Protect the data on your personal devices, and you may just escape that “number one cause” statistic.
Written by Jonathan Weicher
Written by Jonathan Weicher
No comments:
Post a Comment