A bank takes huge amounts of cash, but instead of using an armoured van for the transfer it calls a courier company... At the destination -- surprise, surprise -- it's missing. Where is it? Who knows. This would make a good scene in a Laurel and Hardy movie, but it's hardly possible in real life -- is it?
Incredibly, Citibank is in exactly that position. Four million customer records went missing from a UPS delivery. Without knowing the net value of the customers, it's hard to say exactly how much money was on the line -- but even assuming a modest average of five hundred dollars each, we're talking about two billion dollars. No bank on earth would consider sending that sort of cash by courier, or transferring that sort of data over a public network without bomb-proof encryption. The company could have gone one step further and stuck the records on a couple of DVDs, popped them into a Jiffy bag and shoved the lot into the nearest post box: doubtless there are people doing just that.
Quiescent data seems harmless, almost valueless. Back-ups moulder away in cupboards, old servers gather dust in the corner of an office, broken laptops find their way home in the hope that they can be fixed or bartered. Such things are easily forgotten, and the data on them is soon erased from the company mind. There are endless stories of car boot sales, charity shops and eBay auctions revealing the most confidential information, yet the instinct is to chuckle and move on rather than learn from others' mistakes.
When a system's security is planned, it's always in terms of active data flowing from server to storage, from network to network. Once something leaves the diagram, it's out of mind. The extra effort required to make sure that information stays secure over its entire life isn't that onerous, and few resources are needed to establish and follow protocols for data that falls off the edge of the corporate map. It's not laziness or expense that prevents sound thinking from being applied; it's purely a matter of an inadequate model.
The solution is simple. Make sure you know what happens in all the places where data can leak or be sent out, and establish procedures to keep it safe or erase it. Have a specific decommissioning process for any equipment that contains persistent storage, and treat every transfer of information out of the company with the same care that you lavish on data transmission over external networks. And leave the farce to Laurel and Hardy.