Military hard drive loss demonstrates that physical security is not enough
Lumension Security (published 29/09/2008)
USB drives stolen from Royal Air Force base show that physical losses can occur from even the most secure facility and adding weight to the need for data encryption
Information stored on USB portable hard drives has been stolen from a high-security area at the base of Service Personnel and Veterans Agency at RAF Innsworth, Gloucester, according to media reports.
Andrew Clarke, senior vice president, International, Lumension Security comments:
“The fact that data has been stolen from a high security area, demonstrates that data held on a device, no matter what physical security measures it has been subject to, can make its way out of an organisation.
“In this case, the USB portable hard disk drives will not have fit easily into the pocket of the thief. Considering that USB hard drives are the size of small shoe boxes, it is likely that the thief will have had a reason for being inside the organisation.
“There needs to be a fundamental change in the way that Government handles data and as we have seen over the last year this will not happen overnight. Government organisations need to consider holding a data amnesty, whereby data held on unofficial or non-encrypted devices, can be handed back to the IT department. Whilst, the Government needs to put in place device control policies that enforce assigned permissions to individuals and devices and ensure all data is encrypted during transmission.”
