Is your data at risk?:  Why physical security is insufficient for laptop computers

When you look over the various PC Health Advisor available to protect your PCs can be challenging. I will examines the options, and show you why passwords are insufficient and makes the case for strong data encryption.

There are new frontiers in computer security

Computer security continues to evolve. Physical security used to be the main concern. Through 80s, high end mainframe computers were locked in special climate-controlled rooms within secure buildings. The security costs, after all things considered, was a very small percentage of the overall costs. However in todays, those systems are called “servers”; and although they are very important in their own right, they are a small percentage of computer shipments.

2.3 million server systems shipped worldwide in the third quarter of 2008, compared to 80.6 million PCs that shipped in the same period.

The widespread use of PCs creates much greater vulnerability compared to yesterday’s mainframe computers. Although desktop PCs are arguably less secure than centralized servers, such systems

probably have physical security identical to that of a company’s other on-premises assets. The least secure computers are those that are mobile.

According to the Gartner estimate for 2008, worldwide mobile PC growth is 25% versus 1.2% for desktops. According to its forecast, 293 million PCs would be shipped in 2008.

Whether you prefer the term “mobile PC,” “laptop” or “notebook,” the vulnerable systems are those taken off-premises. In spite of employee diligence, mobile PCs do get lost and stolen. Not

convinced? Take a look at www.privacyrights.org, a website listing breaches in data security that involve personally identifiable information (PII).

More than half of the states in the United States require disclosure of such breaches. Don’t let your company’s name get added to this list; good solutions are available.

Attacks on laptop data security To a casual observer, a laptop computer seems secure. To use a computer system, users must type

credentials into a window. If users do not provide the correct username and password, they cannot access the system. Like someone who misplaces the keys to a car, someone who forgets a computer

password is locked out. Without the proper credentials, access is blocked. Or is it?

Passwords alone do not protect data The login process prevents unauthorized users from running software. But a password does not, by itself, make the data on hard drives secure. A

user without a correct username and password cannot use the services of the operating system as installed and configured on that particular hard drive. However, a tech-savvy person without the

appropriate credentials can still attack a computer. There are three possible attack strategies:

•• Alternative boot device

•• Alternative boot device + alternative boot program

•• Moving a hard drive to an alternative computer system

Attack #1: Alternative boot device

One type of attack involves using an alternative boot device instead of the hard drive. Every

computer system supports this option. Over many years and many versions, the Microsoft Windows

setup disks have been distributed on bootable CD-ROM or DVD discs. A simple way to access a

system’s data is to boot to a Windows setup disk and install a new copy of the operating system.

This approach makes available any data that resides on a hard drive.

Attack #2: Alternative boot device + alternative boot program

A second attack combines the first attack with special boot programs. For example, many IT

professionals use bootable CD-ROMs with software like BartPE (Bart’s Preinstalled Environment) as an aid in fixing systems with boot problems.

Aside from legitimate uses, unauthorized persons can use this type of tool to mount an attack.

In addition to accessing normal user data files, such tools allow access to operating system files that are not available when the operating system is running. Of particular interest is the SecurityAccounts Manager (SAM) database, an encrypted

file with password hashes. Although this is an encrypted file, techniques are widely available to decrypt the SAM and read password hashes. While different from plain-text passwords, a password hash is the result produced when a password is run through a security algorithm. By replacing a password hash for an existing account—maybe one with administrator privileges—a data thief can boot and run the original operating system and any installed software.

Guarding Against Attacks #1 and #2

Support for alternative boot devices enables operating system installation. After the OS has

been installed, the use of alternative boot devices can be disabled in the basic input/output system (BIOS). In the same way that you can lock

the front door of your house, you can lock out alternative boot devices with the proper BIOS settings. To keep those settings in place, you also

need to enable password protection on the BIOS itself. A third step, locking the computer’s case, prevents a reset of the BIOS and failure of the

above measures.

Attack #3: Moving a hard drive to an alternative computer system

An individual with physical access to a laptop computer can remove the laptop’s hard drive using a screwdriver. Once removed from the original

system, the laptop’s hard drive can be attached to another computer—one on which the individual has valid login credentials. When installed on another computer, the laptop hard drive is not the bootable system drive. Instead, the laptop hard drive appears as a secondary data drive (drive D,E, etc.). When attached to another system like this, the laptop’s data is just as readily accessible

as if an authorized user had logged on to the original laptop. At this point, all data is readable;

only encrypted data is hidden from view. What can an intruder use to enable this type of unauthorized access? There are several choices,

but the simplest is a hard disk enclosure kit. These kits are available from computer retailers. Hard disk enclosures have a very reasonable and legitimate purpose: to create a portable storage device. A hard disk enclosure allows any hard drive to be portable between computer systems. Such enclosures support both USB connections and 1394 (i.e., FireWire) connections. The cost is nominal—typically less than US$20 (€15).

Therefore, this legitimate product can have illegitimate uses. A hard disk enclosure enables unauthorized users to read the data on a hard

drive taken from a lost or stolen laptop computer.

By using this tool, anyone who has physical access to a hard drive can gain full access to the data on that drive. Hard disk enclosure kits also include a screwdriver, which is often the only tool needed to remove a hard drive from a laptop computer.

Securing data requires encryption

True data security requires making data unreadable to persons who are not authorized to access the

data. And because file system permissions can be overridden using schemes like the ones described earlier, data encryption is the only truly secure way to hide sensitive data. To unauthorized users, encrypted data is meaningless. Only authorized

users with valid credentials can access the encryption keys needed to decrypt and use data.

This section reviews encryption support in Microsoft Windows, and the encryption support in three popular data encryption products from Sophos.

A look inside encrypted files

To understand the protection that data encryption provides, you must understand the difference

between data in an unencrypted state and an encrypted state. In both states, the data appears

in two forms: (1) numeric values and (2) character data. Software engineers commonly use both types

of displays when they need to understand the exact location of each bit and byte of data. In an unencrypted “plain-text” display, the text data

is clearly readable. Interestingly, even the most sophisticated word processing programs typically store text data in a very readable form. Of course, this helps software engineers when writing the

sophisticated programs. From a security standpoint, this practice also makes it easy for anyone—friend or foe—to read data on a hard drive.

It’s a different situation when the same file is saved on a hard drive that is fully encrypted.

By comparing an encrypted display with an unencrypted display, it becomes obvious that the

two are different. The encrypted data contains nothing that seems even vaguely understandable.

And that is the essence of encryption—to make some piece of data unintelligible and unusable to all except those who are authorized to use the data.

Data encryption in Microsoft Windows

Microsoft Windows supports some data encryption. Starting with Windows 2000, Microsoft made

available support for the Encrypting File System (EFS), a built-in mechanism for encrypting specific files or entire folders that reside on NTFS partitions. Note that FAT partitions are not supported, which means that files stored on USB memory sticks cannot be encrypted.

Encrypting File System (EFS)

When an individual file is encrypted using EFS, modifications made to that file may result in

the creation of unencrypted, or “plain-text,” copies. When a user opens an encrypted file using Microsoft Word, the file is decrypted by the operating system and copied to a temporary location. The plain-text file is used during the editing process, and the contents get encrypted

again only when the file is closed. This process can leave unencrypted remnants on disk, opening the possibility that sensitive information may be revealed.

The greater vulnerability of EFS comes from the fact that access is tied to a user’s logon account.

For example, a data thief could reset a user’s password on systems that are vulnerable to the attacks described earlier in this paper. A thief can impersonate a legitimate user, thereby gaining access to the EFS files for which the compromised

user ID has access rights. Paradoxically, the use of EFS in such situations has a negative effect on data security. A thief would probably examine

EFS-enabled files first, based on the assumption that encrypted files are likely to be the ones withsensitive data.

BitLocker full-drive encryption

A more secure alternative to EFS is full-drive encryption. Full-drive encryption protects against

both types of attacks described in this paper. When alternative boot media is used, the contents of the encrypted drive are gibberish. When an

encrypted hard drive is connected as a secondary drive (see Attack #3), the contents are still not readable.

A central benefit of full-drive encryption is that the choice of what data to encrypt and what to leave unprotected is taken away from the user.

All data on encrypted partitions is encrypted without exception. Microsoft’s full-drive encryption

solution is BitLocker. Sophos’s full-drive encryption solutions are SafeGuard Easy and its successor SafeGuard Enterprise. Let’s consider BitLocker. On Windows Vista, BitLocker can encrypt one disk partition: the one with the operating system (typically the C drive). Compared to EFS, BitLocker provides a more secure way to protect data. On a BitLocker-enabled system, data on the boot partition is unavailable unless a valid password is entered during system boot.

As we have described, Microsoft has built in some support for data encryption, starting with Windows 2000. When you need more than what comes with the operating system, we invite you to look at

Sophos’s line of data encryption products.

Conclusion

Is your data at risk? Unless your data is encrypted, the answer is yes. Although you must secure all computer systems, those that leave a company’s physical security perimeter are the most vulnerable. Such computers include laptops used by sales professionals, or those that executives take on visits to remote company sites. Without encryption, your company’s data is at risk. Don’t become the next lost laptop headline.

APO Encryption gets you all you need in one package:

• Tutorial Video
• Triple Pass Shredding
• Password Vault
• Built-in Compression
• Tabbed File Browser
• Encrypted files are Portable

Did you know that US border agents can search your hard drive

Recently, a US  court ruled that border agents can and will search your laptop and even your other electronic devices when you enter the country. And, the US is not alone in this since many countries have had a similar policy.

From what I understand, the selection process is completely random and they could download your entire hard drive.  People are being questioned about the websites they have been visiting.

By simply encrypting your hard drive with Full Disk Encryption (FDE) won’t cut it.  They can will ask you to type in your password.  A California court has recently ruled that you can “plead the fifth” and not give up your password.  I really see them wrecking your day if you do because they are well within their rights to hold and refuse you entry into the country.   Plus, there is software that is available that can test hundreds of thousands of passwords per seconds.

This software will break 24% of all passwords with a couple of seconds

WHAT ARE YOUR OPTIONS?

WELL, You have 3:

Wipe your hard drive

This is a process where you “shred” the important data from your hard drive and then “shred” the free space. This is a process called “forensically cleaning” your computer.  Ideally, since you have nothing on your computer, the border patrol can look all they want they are not going to fid anything. However, this really defeats the purpose of traveling with a laptop in the first place.

If you have access to a secure network when you reach your destination, you can get your data after you have passed through customs. However, you will have to forensically clean the hard drive again when you return.

This is could be your best defense, but it is time consuming, cumbersome, and may require you to learn how to clean a hard drive.   However, why would you need to take your laptop anywhere if it were wiped clean.

Hide the data

Some file vaults or FDE programs will allow you to render the icon linking you to your data to be invisible to Windows. What they don’t see, they can’t ask you about. Unfortunately, there is a simple way around this solution. If they boot up your computer using a Unix boot disk, which is faster than a Windows boot up, it all becomes visible again.

Don’t travel with your encryption key

With APO file encryption, because you can keep your key anywhere, simply leave the key behind and have it e-mailed to you when you arrive. You could even keep the key archived in your gmail or Yahoo account. When you are asked to decrypt your files, you can honestly answer that you cannot, because you do not have the key.

You need to ask yourself a few questions to determine whether you need encryption.

1. Are you currently using any of the following data protection tools:

• Firewall
• Antivirus software
• Password requirements to access data
• Network monitoring

If you answered “yes” to one or more of the the above options.  Why?  well, you recognize the fact that you need to protect your data.  Then why aren’t you using date encryption?  Data encryption is not only the last line of defense, the only defense you data has if the laptop  is lost or stolen.  Did you know that the FBI uses the “protection” tools mentioned above, and they have been hacked several times.

If someone does get access to your data, it will not matter they won’t be able to read it if it is encrypted.  APO costs less than most antivirus software and is much more effective at protecting your data.  Using the above tools may give you and your clients peace of mind in complying with many privacy laws, preventing lawsuits, and not to mention maintaining corporate policy, but you are missing the most important tool of if you are not using APO Data Encryption.

2. Is customer data stored on your computer?

If customer data is stored on your computer, then privacy legislation require you to protect that data.  And, encryption is the recommended form of that protection.  If you lose client data, you are not only required to alert your clients, but you will have to deal with unhappy clients.  You more than likely will be subjected lawsuits as well.

3. Do you keep Visa, Mastercard, or other credit card data on your computer?

Did you know that credit card companies now require you to encrypt client data on your computer and the the failure to properly follow encryption procedures may result in costly lawsuits.

4. Is Human Resource data kept on your computer?

Can you imagine the uproar that you would have to endure if the your employees found out what everyone else was making?  Do you know the costs of credit monitoring for all of your employees if your HR data was stolen.  The cost of data encryption software is far lower than the cost and headaches and APO encryption is a very cost effective insurance plan.

Computer security specialist around the world agree that if you need to protest your data, even in the event that your computer is lost or stolen, encryption is your only option.

Anti-virus or anti-spyware will only protect so much and that is generally against the “weekend” hacker, and that will not protect your data if your computer is lost or stolen.  Think about this, the most valuable thing about your computer is the data that is stored on it’s hard drives.  So, it makes sense you would use disk encryption to protect your data.

Did you know that every 6 minutes that your computer is connected to the internet that someone could “ping” your internet port to test your firewall.  If you are even running one.  If your firewall is not configured right or you are not using one: you can be targeted for more sophisticated attacks.  By simply, visiting a website that is not properly protected can give hackers a backdoor into your computer.

These attackers are ruthless, they relentlessly ping away at your computer all in an effort to get to your data.  Hackers will use anti-virus and anti-spyware to test their latest software and hardware.  The newest spyware that is launched today onto the internet is not going to be detected by the anti-spyware software.  That alone is the most important reason to keep your anti-virus software updated almost daily.  The downside is that some spy-ware may go undetected for weeks or even months and it will take even longer before an upgrade can be made available to fix the issue.

the good news that with APO data encryption that if you had spyware on your computer is that your data would be protected.  APO uses file encryption to prevent spyware from getting to your data, even after your encryption key has been loaded.  The APO data encryption software has been certified by independent labs set up by the US, Canadian and British governments, and this certification if your guarantee that APO encryption protects your data very much the same way that the military protects their own top secret documents.

If you want to backup your data, one of the best ways to do it is by using a remote offsite backup service. Below are some of the features and benefits of it.

If you ever lost data or had it corrupted, you already know what a problem it can be for you. You can lose a lot of work, documents that are important and family photos.

There are plenty of methods to make sure that software and hardware failures don’t happen, but you can’t keep it safe 100% of the time, so using a backup solution is a must for any business.

There are several ways you can use to protect data: you can use a DVD, a HDD, a remote backup service or even remote locations. In my experience, if you want the best safety level, you should use remote data backup. This is because you avoid any accidents like floods or fires which would destroy both your main data and your backup data if they were in the same place.

One other advantage is that you no longer need to disconnect or connect manually different devices, it all gets transferred by broadband internet. The problem can be in this case the fact that you need an Internet connection all the time, it can take longer than if you would use local storage and there is a small chance of your data getting in the hands of third parties.

The disadvantages I just mentioned aren’t that important to most people though.

Below are the benefits that can be brought by the use of a remote backup service:

Free backup software – In most cases you don’t need to pay for backup software, since the backup service provides it for free.

Technical support – If you have questions about the backup process or their service, you have specialists in computers at your disposal to help.

Servers with professional protection – Your data will be kept in shelters designed to protect those computers, in most cases underground, designed to be kept safe in cases of disasters or accidents.

Unlimited remote data storage – Store and backup all the data you need.

Global access to your data – Get access to your files from anywhere in the world.

Data encryption – You’re the only one able to access the data, since it’s password encrypted by the remote backup service.

Not all good things are free though. You will pay depending on how much space you need or what extra features you want added. In most cases, you will pay $2 for each GB per month. 5GB should be enough if you’re an individual, which would get the price to $10 per month.

If you want to use it for a corporation, the amount of space needed and the price will probably be much bigger, but the benefits that a remote backup service brings you can be invaluable.

We might be thinking or having great plans to make our company reach apex. We save all the information on our personal computers but are we making any efforts to secure it from the hands of hackers / infiltrators? Here are some helpful tips on “how to secure data effectively?”

* In your office execute a tiered data safety and security model. This will help in protecting data from one both internal and external threat.

* Next important thing is to secure your network by providing limited access to important files. Especially the master computer where all the information about products and services, customer information, legal documents, is available should have a password known to you or only one or tow person. It is advisable to change the secret code from time to time.

* Install firewalls, virus detection and anti spyware programs on your server. This will assist in avoiding any form of unauthorized or disruptive access to your stored data.

* Many networking tools will ask for change in management passwords at initial stages of installation. Then and there also restrict right to use means to those who need it.

* If the data is to be accessed by third party, say people who are doing background check or handling your data and media, then control the right to admission. Recognize the weak links in data movement procedure and rectify the deficiencies.

* We need to communicate information with the clients. Over the net we send the files/ documents that are important and don’t want third party view. So we can secure the file by using techniques like encryption, IPSec protocol and private networks.

* Use the right data encryption method. This will help you in maintaining the performance and interoperability of office.

* The most important thing when you have taken necessary security measures is to check that the data back up and archived data is secure. Check that data recovery systems are working finely.

* On regular basis update your security system to avoid any major damage.

For more inform on methods for data security, visit <a rel=”nofollow” onclick=”javascript:pageTracker._trackPageview(‘/outgoing/article_exit_link’);” href=”http://www.qsgi.com”>www.qsgi.com</a>.

In part 1 of 5, Patrick Townsend, CEO of Patrick Townsend Security Solutions, discusses AES Encryption, why it is important, and where to get it.

Bob Cozzi illustrates that products like the Q3 encryption appliance from BOSANOVA are necessary even on IBM’s System i5 tape backups

Introduction

The loss of a laptop containing medical records for 5,000 people was just one of a drip-feed of data privacy breach news stories in the past year. Public sector incidents alone led to over 37 million UK citizens having their personal data lost or stolen.

The leakage of 25 million child benefit records at HMRC last November was the world’s 5th largest reported data loss incident. With incidents at the DVLA, the MoD, NHS and US Government agencies, it seemed the issue of lax data security was a public sector problem.

But private enterprise also grabbed headlines in 2007, dubbed “The worst ever year for data protection” by website The Register. TK Maxx lost 5 million UK credit card records, Monster.com had details of 3 million customers taken, at loans.co.uk 250,000 private customer records were stolen & sold and Leeds Building Society lost data on its entire workforce.

Commercial Concerns

Loss of customer data is not the only worry in the private sector. A rising tide in Merger & Acquisitions and intensely competitive market has flagged the protection of commercially sensitive data as an equally strong concern.

Company directors and senior public officials are now taking steps to review policies, implement sensitive data procedures and assess the risks of their organisations losing private or commercially sensitive data. Sectors at high risk include Retail, Financial Services, Utilities and Professional Services.

Legislation & Standards

Protecting customers’ data privacy and that of the company not only makes sound business sense but is also becoming the subject of industry, government & EU regulation. According to security consultancy Vigitrust, laws such as the European Union Data Protection Directive and equivalent U.S. regulations have resulted in information security becoming a board level action item.

It would be a mistake for UK & European organisations to ignore U.S. legislation in this area as it may also be binding on companies trading with US consumers. Regulations such as California Senate Bill 1386 apply to “any person or business that conducts business in California” even if they are located outside the U.S.

Many organisations are pursuing ISO 27001 accreditation, the Information Security Standard (formerly BS7799). Larger retailers are striving to meet the Payments Card Industry (PCI) standard pioneered by Visa & MasterCard to address identity theft.

The public sector responded to its ‘annus horibilis’ by mandating data encryption on all laptops, but also by disseminating Information Governance standards on data privacy to all public bodies and practical assistance such as the ‘Information Governance Toolkits’.

Risk mitigation software vendor The Irish company, best known for detecting & reporting on illicit image abuse, has been conducting ‘Discovery Audits’ to detect unprotected sensitive data on company networks since 2007; its auditors found such unprotected data in over 36% of all IT resources scanned, including 46% of PCs, 32% of e-mail accounts and 30% of file servers. In each case, it required at least 20 instances of suspected privacy data to be detected in a document before being logged as ‘suspect’.

Risk assessment – Where to start?

Best practice begins with a risk assessment to detect actual data breaches or the existence of ‘data at risk’. In order to help corporations gain visibility of this risk, The Irish company offers a complimentary ‘Discovery Audit’ to detect and report on the presence of sensitive data at rest.

The Irish company Privacy Auditor software will scan for sensitive data such as Credit Card, Bank Account or National Insurance numbers, encryption keys etc. held in plain text on e-mail, desktop PCs, laptops and file servers. The Irish company Privacy Auditor can, on request, remove or encrypt such data for the client.

During this engagement, the organisation may nominate specific sensitive data or documents to be detected on its network, such as commercially sensitive financial data. A comprehensive report is delivered, together with suitable recommendations.

With the public focus on risk & compliance in the treatment of sensitive data, an early risk assessment is now considered the essential starting point to protecting the best interests of taxpayers, customers, companies and ordinary citizens alike.

David Tomlinson, managing director at Data Encryption Systems, interviewed at Infosecurity Europe 2009, Earls Court, London.

It is only speculation that they use this method, but it would make sense because it is about impossible to break. Follow my instructions carefully and try it for yourself. This is the method they don’t want you to know about.

One of the most frightening things that can happen to a person is to lose the data off of their hard drive. Many of us store personal and business information on our computers. The thought of losing data due to a crashed or failed hard drive or perhaps a breach of data security sends chills down the spine of every grown man and woman. Once you except that you did not back up your data you need begin the data recovery process.

What exactly are your data recovery options once your hard drive crashes? First of all, stop using the computer immediately. It is not suggested that you run any data recovery software that came with your computer as this software can overwrite the original files. The next step is to allow a hard disk recovery company to restore your pertinent files. Contact a reputable company immediately. There are a few companies who come right to your home, but at-home data recovery computer services charge more. Certain computer files, such as DWG files (a complex graphics file format), require a specialist in order to be recovered. If there is damage to the hard drive you may not be able to recover your files. A hard drive crashing is an instance where data recovery is possible. If your data security is breached you may never recover what is stolen.

The best way to avoid compromised data security is to put safeguards in place. A few data security measures are encryption, antivirus and firewall protection. Data security such as encryption translates data into a secret code. To read an encrypted file you must have access to the key or password that enables you to decrypt it. There are many software programs and services that provide data encryption services depending on your data security needs. Additional data security measures such as antivirus and firewall protection provide further data protection. Some software programs have the ability to provide both antivirus and firewall protection for overall data security.

One way to avoid the mess of data recovery is to perform regular backups. Basic computer maintenance includes full and incremental backups. It is recommended that you perform a full backup once a week. An incremental backup is a backup that backs up only the files modified since the last backup and depending on your needs you can schedule this to run every day. It’s also beneficial if you have a copy of your data offsite. When you need to access this data you can either open the offsite data program and run it, or log on via the web to access your data. You will want to check with your service provider how to perform data recovery if needed.

Data recovery either from a crashed hard drive or lost through compromised data security can be a frustrating and devastating experience. The best situation is to avoid the loss of data all together. With regular computer backups and data security measures in place your computer data will remain where it needs to be, on your hard drive and easily accessible.

Some people balk at the cost of protecting their data, as well as the time involved in doing secure backups. But what they fail to consider is the cost of their lost personal and productivity time that is spent trying to recover data that could be recovered in literally MINUTES if they had properly safe-guarded the data in the first place! If your computer data files are the lifeblood of your business and/or personal life, the time and money involved in protecting that data adequately and properly cannot be determined by a dollar value.

Data at rest has come to the forefront of many companies only recently but the truth is it has always been the target of hackers. Seems because it has fallen off the radar of most companies due to the fact it is information they don’t use very often. True data at rest is that information a company rarely uses and just may be sitting on some external hard drive waiting for some hacker to access it. Data at rest myths tend to be rationalizations for companies not to spend the necessary money to adequately protect it. This puts the information at risk of compromise or theft.

Data at Rest Value

Data at rest value seems to be relative to some. If it is not information currently relied upon its value is lowered and if it is information used its value rises. This is no way to look at company data. Information deemed to have less value may in fact have value. Data at rest is always all ways going to be valuable to someone. It may not be the company but a thief may be able to exploit it. Underestimating the value of data can be a critical mistake. Data at rest should never be viewed from the perspective of being outdated or irrelevant.
If data at rest is not a top priority then how a company will store the data may not be either. A large amount of information has been compromised because its present value is somehow diminished. Data at rest may be less valuable to a company because of its relevance to operations but it can have great value to those that would exploit it. A hacker may find data at rest many times easier to access because of the myth that current data is the only valuable data. If the data at rest is placed in an external file on the system where it just sits without being secure then a hacker discover it and find access simple.

Data at Rest Security

Data at rest is not secure just because it is stored externally or off the system. The hard drive or server could be stolen. The use of adequate 256 bit algorithm encryption is just as necessary for security of this data as other information. Even if the data at rest is stored on an external hard drive security concerns should be high if you want to keep the data secure. It may be time to take a look at the data at rest security precautions being taken to prevent exposure of sensitive information. The same safeguards that are used to protect transmitted information must be used to protect data at rest or stored information.
All data at rest simply must be encrypted for the most secure environment to exist and prevent the unauthorized reading of data. Implementation of encryption technology for the data at rest in or outside the system is necessary for ample security of the data. Encryption is able to protect data from security breaches even if the data at rest is accessed. Sophisticated encryption systems like the ones designed by SanDisk Enterprise are being used successfully by many companies. If an external hard drive is accessed encryption technology prevents exposure of confidential information and files.