Full Disk Encryption Not Used At State Street?

State Street Corp., the global money manager based out of Boston, is alerting 45,000 customers and employees that they may be at increased risk of identity theft.  More specifically, they’re legacy customers and employees from Investors Financial Services (IBT), a firm that State Street acquired last year.


IBT had retained the services of a legal support vendor prior to being acquired, and this unnamed vendor lost computer equipment—no word on what type of equipment it may be—in December of last year.  The story is receiving a small amount of coverage as of this time. 


According to the coverage by bizjournals.com, it took State Street approximately five months to figure out the contents of stolen equipment, since the company had to “translate largely encrypted data into a readable format and gauge the extent of the data theft.”  I couldn’t find this detail anywhere else, including State Street’s own site.


Initially, I thought that State Street must have used only file encryption to protect their clients’ and employees’ data, since a full disk encryption solution like AlertBoot wouldn’t have necessitated a time-consuming effort to decrypt data.  However, it’s quite obvious that State Street is working from backups to analyze the contents of the stolen equipment.  In essence, there is no way to verify that the stolen equipment had other forms of protection like full disk encryption unless State Street decides to reveal that information.


Is one better than the other? What’s the difference?  Well, as an example, AlertBoot full disk encryption ends up encrypting everything on the storage device.  So, if full disk encryption is used on a laptop, the entire contents of the hard disk in the laptop—from customer data to your Solitaire program—are encrypted.  Without providing the correct username and password, there is no way to access the contents of that laptop.  Plus, decrypting the information is instantaneous—the moment you gain access to the computer, your information is decrypted (I’m glossing over the technical details here, obviously).


File encryption, however, means protecting individual files, so one has to mind whether a file is to be encrypted or not (and there is always the worry whether a critical file was encrypted if the computer gets lost or stolen).  In many ways, it’s not as convenient as full disk encryption.  However, there are pluses to file encryption over disk encryption.  For example, you can still use your computer if you don’t remember your username and password for encrypted data—you just don’t have access to certain files, that’s all.  Plus, if you forward a file-encrypted document via e-mail, the data remains protected.  This is not so with full disk encryption.  If you e-mail a document from a computer with a fully encrypted hard drive to a colleague, he will not require the username and password to access that document.  Of course, there’s nothing preventing one from using both full disk encryption and file encryption to protect data.
