Ohio Plans To Encrypt After Data Breach
Lucas123 writes "After a backup tape containing sensitive information on 130,000 Ohio residents, current and former employees, and businesses was stolen from the car of a government intern in June, the state government just announced it has purchased 60,000 licenses of encryption software — McAfee's SafeBoot — for state offices to use to protect data. It's estimated that the missing backup tape will cost Ohio $3 million. In September, the state docked a government official about a week of future vacation time for not ensuring that the data would be protected."
Er, while this software encrypts data on the disk, it doesn't encrypt the backups. These will still be cleanly read from the disks and written out to tape.
It seems logical to me that this kind of information should be on centralized servers at a state office with managed firewalls and all the rest, with only hardwired terminals allowed access, with maybe a VPN set up for remote access if absolutely needed out in the field. I know wireless isn't 100% secure and no system is, but that just makes logical sense to me.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
If they have 60,000 computers with 'sensitive' data on it then they're borked already.
If they want to encrypt people's laptops/desktops then fine ... if they want to prevent personal civilian data from leaking out they're off by a few orders of magnitude on the extent of their distributed storage.
Belthize
Hmm... I wonder if they give a damn that their state-wide reliance on Windows is another accident waiting to happen.
Care about trojans, keyloggers, viruses, and all the other uncountable ways to lose confidential data, not to mention productivity?
Get rid of Windows as well. You'll never regret it.
you had me at #!
I work as a DBA in a nonprofit healthcare organization. If our backup guys lost a tape, and I hadn't bothered to check off the box in our database backup software that says "Encrypt: 256-bit AES", I would lose my job.
What you need to ask is what was the procedure and was the guy following it?
If it's standard procedure for this guy to carry unencrypted data around in his car, it's the guy setting policy/procedure that should be made responsible.
If it is standard procedure for you to encrypt your data, and you fail to follow that procedure you should be disciplined. Better still would be to find a way to make that little check box for encryption on by default. Even better would be to find a way to restrict export without encryption unless it's authorized by a second person. It shouldn't be easy for you to make a mistake that could cause you or your company massive damage.
These posts express my own personal views, not those of my employer
Doesn't matter if it's carved into a brick of lead weighing 4 tons and can only be read by a half blind midget who is kept locked in a dungeon under the guard of five dragons.
The brick being stolen is a security breach, and the information that was carved into it is now to be considered 'out in the open.'
Security through obscurity? Get real.
Not a Twitter sockpuppet... but I wish I was.