FCW Insider

Blog archive

Portable data

As I mentioned earlier, I'm at FCW Events' CIO Summit and the whole story about VA's stolen data was quite the buzz, needless to say. And they say that timing is everything, so it was perfect that there was a session today titled "Identity Management: New challenges for managing access and securing staff." The panel featured Rob Brandewie, director of the Defense Manpower Data Center, and Rich Guida, director of information security for Johnson and Johnson and a former fed who served as chairman of the Federal Public Key Infrastructure Steering Committee.

Both of them spoke of the difficulties of securing data these days because it is potentially so mobile.

I didn't ask them to comment on this case specifically because they don't know the specifics. But I did ask them about securing data.

As far as I understand the VA situation, it isn't even that the laptop was stolen. It was, of course, but the data was on some kind of mobile device.

Here is what the NYT reported this morning:

A Congressional aide briefed on the matter, granted anonymity because he was not authorized to speak publicly about it, said the information was on disks. Secretary Nicholson, speaking at the same news conference as Attorney General Gonzales, said the worker had taken the data home to work on a department project. Mr. Nicholson described the worker, who has not been identified, as a longtime employee of the agency. He lives in suburban Maryland, a law enforcement official said.

Brandewie said that it is these precisely these kinds of incidents that keep him up at night.

"Data is so portable," he said.

DMDC has policies that prohibit taking large amounts of data away from the office, but many people don't recognize the dangers until they suffer some kind of incident. "People don't realize the implications of what they're carrying," he said.

Many organizations have focused on encrypting data as it moves, but few focus on encrypting data that is in place, Guida acknowledged.

Johnson and Johnson is working to encrypt data on a laptops of employees that are most at risk, he said. That will tie the data on the laptop to a token so if a laptop was stolen, they would also need the token and password to access the data.

Generally with security, people tend to take the path of least resistance – until they are burned, Guida said.

Of course, I'm sure not so coincidentially, OMB is reminding everybody about securing their data.

Posted by Christopher Dorobek on May 23, 2006 at 12:15 PM


  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.