“Eternal vigilance” said Wendell Phillips in 1852 “is the price of liberty.”
It’s also the price you pay for keeping your data secure, especially data residing on mobile devices.
Protecting portable digital information, says an industry insider, can be as challenging as securing your company’s data centre.
For both tasks, “there isn’t a one-size-fits-all remedy, or a magic bullet,” says Rick Bauer, director of technology and education at Storage Networking Industry Association or SNIA.
What’s needed today, he says, is a mindset that looks at every digital asset and makes sure layers of security are applied on it.
San Francisco-based SNIA isa trade organization with a mandate to make storage networking technologies understandable, and easy to implement and manage.
Bauer, in a recent podcast, advocates a “multi-layered” approach to securing portable devices such as laptops.
His recommendations are partly based on his experiences during a previous position as chief information officer at Hill School, a technologically advanced boarding school at Pottstown PA.
He also draws on the results of research done by a SNIA set up storage security forum that includes researchers from universities such as Carnegie Mellon, and University of California System, as well as representatives from government and industry.
The idea behind the forum, he says, was “to jointly determine best practices, author booklets and other educational materials to help reverse the trend of the data losses and other breaches.”
Today, the SNIA exec says, with the broad range of exploits and opportunities for data theft, it takes a variety of different products to combat them – both internally and externally.
“I don’t think you’re ever completely secure,” says Bauer. “It’s a question of always remaining vigilant, and every now and then auditing and making sure things are in good shape.”
He says data security begins with basic things such as making sure default passwords on routers and hubs are changed. “It’s amazing how many times you can walk into a place and notice that either out of forgetfulness or the fact that no one called attention to it, a default password is sitting on a router or another piece of hardware.”
A multi-pronged approach, says Bauer, is indispensable to combating mobile data theft – an increasingly common phenomenon today.
Drive encryption technologies – created by companies such as Hitachi and Seagate – provide one antidote, ensuring that if a laptop is lost or stolen, no one else will get to the information that resides on it.
But it’s also important to ensure there are ways to retrieve lost or stolen laptops, Bauer said.
To this end, SNIA is working with companies such as Vancouver–based Absolute Software Corp., a provider of computer theft recovery, data protection and secure asset tracking tools.
The Association has deployed Absolute Software’s Computrace Complete product for theft prevention and recovery.
Computrace Complete allows IT administrators to monitor computer movement, call history, asset leasing information and software license compliance.
According to the Absolute Software Web site, the product comes with a $1000 Recovery Guarantee if a stolen computer cannot be located within 30-60 days – as well as an optional “data delete” service.
Bauer said as CIO of Hill School, he had used Computrace to secure the school’s laptops, and was very pleased with the results.
“We were one of the first high schools in America where every student had a laptop – and if you understand the responsibility quotient of the average teenager, you understand [why] securing all those laptops was going to be a challenge.”
Computrace, he said, helped the school effectively lick this challenge.
“We had a great track record for about seven years of every laptop that was ever lost or stolen being recovered by [Computrace]. It’s been a really good product.”
Computrace, he said, is now being used by SNIA to secure its virtual environment.
“At SNIA, we have only about 20 staffers but they’re all over the world. We have lab directors in Bangalore, marketing folk in Beijing, our headquarters in San Francisco, labs in Colorado and other places around the country. We travel a lot as well, so the potential for loss or theft really presents itself.”
Bauer, who manages SNIA’s laptop assets, said he opted for Absolute’s Computrace because of the product’s exceptional performance at Hill School.
“It was a natural choice to recommend that here at SNIA, and we’ve had a good experience over the past three years.”
Bauer noted that many organizations only realize the value of their digitally stored information after they lose it, and then regret they hadn’t backed up that data.
At SNIA digital data backup is standard practice, and it’s easy to understand why.
The organization’s digital assets include contracts, vendor agreements, history of interactions with its member companies, development actions with specifications, and other documents that reflect months of collaboration between more than 50 companies towards standards.
As Bauer puts it: “It’s just a good practice to makes sure that if the unthinkable happened we’d have a way of getting to that information.”