Opening the floodgates on missing drives

News headlines about portable storage devices going missing are as common as muck, but the problem could be even more widespread than you suspect.

(Credit: Memory stick 3
by Ramasamy Chidambaram, Royalty free)

The data loss scandal du jour is the disappearance of a hard drive containing details of 1.7 million people who had enquired about joining the UK military.

The story ticks all the boxes: the data was unencrypted, it included sensitive information such as passport numbers, and it only became clear it went missing some time after the fact.

As ever, it seems that human error rather than technology failure is to blame. This isn't unusual; people have been misplacing documents in offices since the dawn of enterprise time, and it's only the sheer scale of information that can be crammed into a hard drive or USB key that makes the whole process so utterly scary.

A recent survey by RSA casts an interesting light on the problem. The company asked 417 attendees at three recent conferences a series of questions about security policy. When asked "Have you ever lost a laptop, smartphone and/or USB flash drive with corporate information on it?", 1 per cent said they had done so frequently, and 9 per cent said it had happened to them "sometimes".

That indicates there are at least four complete klutzes out there who are continually misplacing portable storage, and who we can only hope don't work in data security. But the more disturbing aspect is the fact that, in effect, 10 per cent of information is likely to be misplaced.

Companies routinely take out insurance to deal with relatively unlikely risks. I suspect if I told my insurer that my house had a 10 per cent chance of being flooded, they'd either laugh me out the door or demand that I take some precautions to minimise the damage.

The same logic should apply to portable devices and the information stored on them. Can you hear the pigs flying overhead?