FCW Insider

Blog archive

Portable data

As I mentioned earlier, I'm at FCW Events' CIO Summit and the whole story about VA's stolen data was quite the buzz, needless to say. And they say that timing is everything, so it was perfect that there was a session today titled "Identity Management: New challenges for managing access and securing staff." The panel featured Rob Brandewie, director of the Defense Manpower Data Center, and Rich Guida, director of information security for Johnson and Johnson and a former fed who served as chairman of the Federal Public Key Infrastructure Steering Committee.

Both of them spoke of the difficulties of securing data these days because it is potentially so mobile.

I didn't ask them to comment on this case specifically because they don't know the specifics. But I did ask them about securing data.

As far as I understand the VA situation, it isn't even that the laptop was stolen. It was, of course, but the data was on some kind of mobile device.

Here is what the NYT reported this morning:

A Congressional aide briefed on the matter, granted anonymity because he was not authorized to speak publicly about it, said the information was on disks. Secretary Nicholson, speaking at the same news conference as Attorney General Gonzales, said the worker had taken the data home to work on a department project. Mr. Nicholson described the worker, who has not been identified, as a longtime employee of the agency. He lives in suburban Maryland, a law enforcement official said.

Brandewie said that it is these precisely these kinds of incidents that keep him up at night.

"Data is so portable," he said.

DMDC has policies that prohibit taking large amounts of data away from the office, but many people don't recognize the dangers until they suffer some kind of incident. "People don't realize the implications of what they're carrying," he said.

Many organizations have focused on encrypting data as it moves, but few focus on encrypting data that is in place, Guida acknowledged.

Johnson and Johnson is working to encrypt data on a laptops of employees that are most at risk, he said. That will tie the data on the laptop to a token so if a laptop was stolen, they would also need the token and password to access the data.

Generally with security, people tend to take the path of least resistance – until they are burned, Guida said.

Of course, I'm sure not so coincidentially, OMB is reminding everybody about securing their data.

Posted by Christopher Dorobek on May 23, 2006 at 12:15 PM


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.