How Secure Is Your Data Part II

Came across the following video yesterday, and it serves as a mildly humorous worst-case scenario of the “How Secure Is Your Data?” entry from a bit back.

http://media1.break.com/dnet/media/content/stolenlaptop.wmv

As laughably over-the-top as this professor’s claims and grandiose threats are, most concerning to me was the obvious lack of confidence he holds in the integrity of data on his computer (a mobile computer no less, of the sort that close to a million per year are stolen in the US alone).

This computer was obviously stolen while unattended, and if even the rudiments of security best practices were followed (use of some sort of encrypted file system, be it PGP disk, EFS in Windows, or similar technologies), he should be able to write it off as a costly and inconvenient loss of some hardware. Instead, his hysterical threats make it out to be a matter of national security, to which every scary government agency will soon swoop down in the black helicopters. The perpetrator(s), we are told, must prove that the data hasn’t been tampered with, and that it hasn’t been copied (how, pray tell, does one prove that? It’s the sort of negative proof that’s rather difficult to contrive), and maybe then they won’t be sent off to secret Eastern European prisons. Okay, I made that last bit up, but it’s along the lines of the hyperbole.

From a professional perspective, I find the diatribe by this professor very self-incriminating, hinting at terrible neglect in the management of data (purportedly other people’s data as well, which should rightly make those third parties very angry). While it is almost certainly a ruse to scare a reluctant thief into confessing, it’s akin to claiming that the guy who stole your car is in big trouble, because you just happen to store nuclear warheads in the trunk; I’d have more of a problem with the guy with nukes in his trunk than with a petty thief.

Protect your data. Acting surprised when hardware loss occurs isn’t acceptable, and is tantamount to gross neglect.

[Miles Archer has rightly pointed out in the comments that this video is a couple of years old. Nonetheless, we’ve had powerful encryption options for a long, long time. A decade ago I got the senior management, accounting and HR departments of a firm using PGPDisk for confidential data, separating the administration of systems (e.g. system ACLs) from the need and ability to access the data. It worked beautifully. Since then we’ve had numerous new, and more transparent, options for securing our data.]