Minding the little-known pitfalls of data leakage

Summary: Corporate use of unprotected, or even software-encrypted, portable storage devices puts companies in a vulnerable position with regard to data loss.

TOPICS: Storage

Data leakage resulting from lost or stolen laptops is something most of us are familiar with. Equally prevalent, but less spoken of, is data leakage which originates from misplaced data storage devices such as USB flash drives or portable hard disk drives. 

Of course, organizations are certainly not helpless when it comes to protecting data. Businesses can easily defend themselves on this front with highly affordable software encryption offerings such as BitLocker To Go--both the Enterprise and Ultimate versions for Windows--or the open source TrueCrypt encryption software. Some USB flash drives also come preloaded with a proprietary software utility to encrypt data.

I asked Resham Ganglani, business development director of Halodata International, a company that specializes in data loss prevention (DLP), for his thoughts on software encryption.

"Software encryption is definitively better than no encryption," conceded Ganglani in an e-mail message.

But while recommending it for personal usage, he discouraged the use of software-based encryption for businesses. "[Software encryption] is too slow, dependent on installed software and in some cases, easy to crack. I definitely would not recommend it for corporate use."

An alternative to software encryption is the use of portable storage devices with hardware encryption baked in. Many of these devices encrypt data transparently as information is copied onto them, and often incorporate hardware for biometric or PIN-based authentication without having to use a host computer. With hardware encryption, there is no possibility of leaving files unprotected by mistake, or of employees skipping the software encryption process when in a hurry.

Of course, these do come at a price premium compared to unprotected portable storage devices. 

According to Ganglani, the new Personal Data Protection Act in Singapore regarding consumer data and the increased need for international compliance by multinational companies (MNCs) mean the days of standard portable storage devices may be numbered.

Personally, my concern relates to the robustness of hardware-encrypted storage devices, though devices armed with bogus or wrongly implemented hardware encryption no longer appear to be a problem. As such, it probably makes sense to either have them independently verified, or look to what governments and MNCs are buying into.

Regardless, the use of portable storage devices is just one facet of the data leakage protection issue, said Ganglani. He noted: "I think companies should invest in a good DLP solution which solves the DLP problem but also invest in portable, hardware-encrypted devices so as to boost efficiency and productivity but not sacrificing the security."

Paul Mah

About Paul Mah

Paul is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. He enjoys tinkering with tech gadgets, smartphones and networking devices.

  • And Don't Forget Traffic Analysis

    Have companies figured out yet that a lot of information can be gleaned just from the amounts, sources and destinations of encrypted data transfers?
  • Encryption of Data without Inspection is a mistake

    Data Protection must be based on Content & Context:

    Protecting data by selective encryption of specific file types or protected content is the correct, most effective way to protect sensitive data. Blanket encryption of data leads to sensitive data extrusion, by both trusted and untrusted users. GTB's Data Loss Prevention takes control and encrypts based on policy, not only providing compliance but also providing an historical trail.