Disk Encryption Software: Law Firm’s Ex-Partners Accused Of Stealing Files.

Full disk encryption like AlertBoot could have prevented some of the problems being described in a pretty acrimonious lawsuit between partners.  According to law.com, former partners at a law firm are embroiled in courtroom drama because of stolen files:

Elliott Greenleaf has amended its complaint against a former partner and his new firm, Stevens & Lee, for his alleged remote access to the firm’s files to now include the theft of more files via portable drives and the misappropriation of escrow funds.

You can read more here, but the gist of the story is that electronic files were stolen using DropBox and portable hard drives.

Protecting External Drives, Securing External Drives

I won’t go into a detailed description of the story.  Instead, I’d like to offer something that’s going to sound like a plug for AlertBoot.  But, I only do this to illustrate why not all encryption products are the same.

First, I want to point out that encryption software is not a magic bullet for data security.  In the above story, it is alleged that DropBox was not only used to steal client files, but also used to keep an open connection to the plaintiff’s data.  Obviously, this calls for some kind of application control software, where the IT department (or the IT guy) can whitelist and blacklist which software programs can be installed on a computer.

Now, with that out of the way, let’s consider the situation regarding the portable drive.  Would disk encryption on the firm’s computers have prevented the accused partners from hooking up an external drive to them and stealing data?

The answer is it depends.  Let’s compare AlertBoot with like TrueCrypt, a free encryption program.

With AlertBoot, chances are that the answer is “yes, it would have stopped the data theft” for a couple of reasons.  First, AlertBoot has an auto-encrypt feature where external storage devices connected to an already-encrypted computer also get encrypted.  It’s primarily meant for stopping data breaches caused by accidental loss, such as when employees copy data to an unauthorized USB flashdrive, which later falls out of one’s pocket or whatever; feel free to supply your own scenario or experience.  The point is, this auto-encrypt feature also means that if a rogue employee is looking to steal data, the data will end up encrypted as well.

TrueCrypt, as far as I can tell, does not have this capability.

Big deal, you might think: if the employee copied encrypted data from his own computer, he knows the password!

That’s a valid point but not one that AlertBoot suffers from.  There are two ways to access encrypted data: provide the password or provide the encryption key.

In AlertBoot, endusers do not have access to the encryption key.  These are managed and stored from (and automatically backed up to) our centrally managed console.  So, potential rogue employees do not have access to the one surefire method of gaining access to the protected data (and, just because you have the encryption key doesn’t mean decrypting the information will be easy.  The oft-quoted “advanced technical skills” will be required.  A Google search won’t help, since most websites cover the theory but not the nitty-gritty practical steps).

This is also true for TrueCrypt.  As long as an IT administrator provisioned the computer, the enduser would not know the encryption key.  Of course, it would also mean that the IT guy has to ensure that there are backup copies of the keys; that they’re being managed (matching the key to the correct computer); etc….but, this is a tangent to the above scenario, and true of many commercial encryption programs.

Moving on to passwords: if a person knows the password, can he or she access the copied/stolen data from another machine?  The answer in AlertBoot is “no.”  For TrueCrypt, it’s “yes.”

In order to use a password to access encrypted data, you need the software that was used to encrypt the data.  In TrueCrypt, it’s a matter of downloading the free software to a computer.  If you have the right version of TrueCrypt, and you have the password, it doesn’t matter what the encryption key happens to be: you’re in.

In AlertBoot, you’re faced with obstacles that prevent the above from being a viable “hack” into the encrypted data.  You can always sign up for the software, but each computer gets its own encryption key.  In other words, even with the right password, our rogue won’t be able to access the copied data on the disk because the keys don’t match up.  And, while we do have options for sharing data between multiple computers that are encrypted with different keys, these need to be within the same group or account.  The rogue employee, if he does sign up for AlertBoot, would be outside this group.

Identical Encryption Algorithm Does Not Mean the Encryption Software are Identical

This is not to say that TrueCrypt is a bad product.  In fact, I think most people agree, including myself, that it’s a great product that offers strong encryption at a phenomenal price.  But, as a non-centralized solution, it does have some aspects that will be perceived as shortcomings, depending on who you are and what you need your solution to do.  Encrypting a couple of computers using TrueCrypt?  Easy-peasy.  Doing it for 75 computers?  Not so much.

The point is that no two encryption suites are the same, even if they use the same algorithm (say, AES-256 bit encryption) and have the same objective: encrypting the whole drive.

Related Articles and Sites:

Comments (0)

Let us know what you think