http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9044122 By Brian Fonseca October 25, 2007 Computerworld The loss of unencrypted storage media from an Iron Mountain Inc. vehicle last month renewed calls for IT managers to better protect data stored off site. The Louisiana Office of Student Financial Assistance (LOFSA) said the unencrypted data lost from the vehicle of its contractor on Sept. 19 included the names, birth dates and Social Security numbers of thousands of state residents. The state agency, based in Port Allen, La., administers several state scholarship programs as well as the states 529 College Savings Plan. Sue Boutte, assistant executive director and chief operating officer of the agency, this week declined to say whether the unencrypted data was stored on tape or disk drives. However, she conceded, If you trust your data to a courier, then obviously something like this can happen. According to Boutte, the incident occurred while the agency was working on a plan to encrypt all backup data stored off site. LOFSA was in the process of developing our disaster and recovery plan, but [the loss] occurred before we could get it in place and establish it as a standard plan, she said. In a statement, Boston-based Iron Mountain blamed the loss of the device on a driver [who] did not follow established company procedures when loading the container onto his vehicle. The statement also noted that the company encourages its customers to encrypt backup data. In a recent interview, Iron Mountain CEO Richard Reese said his firm is working hard to eliminate human error by its employees. For example, the company announced this summer that it is retrofitting its fleet of trucks with a new self-designed security and tracking system. A similar incident two years ago prompted TD Ameritrade Inc. to encrypt all of its backup data, said a spokesman for the Omaha, Neb.-based financial services firm. The backup tapes, later recovered, fell off a conveyor belt and became lost in a shipping facility of an undisclosed contractor. Those tapes contained personal data on 200,000 Ameritrade clients. At the time we re-evaluated our [backup] processes and procedures, and from that point forward, we encrypted [all data] and have taken that extra level of protection, the spokesman said. Brian Babineau, an analyst at Milford, Mass.-based Enterprise Strategy Group Inc., said that IT managers who dont encrypt data are not doing their jobs. Organizations need to understand that encryption is a necessity and not a luxury anymore. This would be the equivalent of not locking your luggage when you travel overseas or leaving your wallet exposed in your back pocket, he added. __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Fri Oct 26 2007 - 00:39:01 PDT