Hard Disk Encryption Not Used On Springfield Alternative School Laptops?.

The Keifer Alternative School in Springfield, Ohio is informing parents that ten laptop computers were stolen from school grounds on June 30.  While the laptops did contain some sensitive data, it seems to have been relegated to information tied to students’ disabilities.  The school has noted that Social Security numbers were not stored on these laptops.  It is not known whether data encryption software was used on the missing laptops.

Moving From One Building To Another

The laptops belonged to employees of the special education department in the district.  These employees had relocated from the South High School building to the Alternative school.  Had they relocated a bit later, perhaps they wouldn’t have fallen victim to the break-in.

But, that does not change the fact that the new school grounds didn’t have adequate physical security.

Relocations – Pitfalls for Data Security

The problem with relocations, from a data security perspective, is that it’s pretty hard to ensure there isn’t a data breach.  Most of the time, nothing will happen.  But, it cannot be denied that computers can get stolen while being moved to the new location, at a higher rate than if they had stayed put in a locked room. 

Also, computers can get stolen after being moved to their new location: if the construction of a facility was not planned with such relocations in mind, the computers could (possibly) end up in a less-secure environment.

Having full disk encryption installed on computers would solve the data breach problem, but the lack of adequate physical security would mean that computers can still be stolen.

Using Disk Encryption

Most people working in the data security field will tell you that there is no such thing as absolute data security (unless they work in the marketing department).  The reason is quite simple: there are too many ways to steal data.  Stealing a computer is one.  Hacking into a computer is another.  A third one is quite a time-honored one: you threaten an insider, and the threatened one does the dirty deed.

Protection from each one of these scenarios requires different solutions.  Even more importantly, it also requires that none of the solutions–not even one–fail, ever.  That’s a heck of a requirement.

However, just because a solution does not cover 100% of your needs, it doesn’t mean that it’s useless, or unnecessary, or undesirable.

Case in point, the above case.  Encryption software can’t stop hackers from gaining access to your computer, if it’s connected to the internet (firewalls and other software takes care of that).  Encryption cannot stop one from stealing a laptop (locked doors and cable locks are necessary for that).  Encryption can be overridden by an insider who’s threatened, assuming he knows the username and password for accessing the data.

And, yet, despite all the things that could have gone wrong, if encryption had been used on all ten laptops stolen from the Keifer Alternative School, there would be no security breach.  The key is to use different tools to cover all the different security aspects.  Even if the coverage is not 100%, the security in place will come in handy depending on the situation.

Related Articles and Sites:

Comments (0)

Let us know what you think