FCW Insider

Blog archive

Portable data

As I mentioned earlier, I'm at FCW Events' CIO Summit and the whole story about VA's stolen data was quite the buzz, needless to say. And they say that timing is everything, so it was perfect that there was a session today titled "Identity Management: New challenges for managing access and securing staff." The panel featured Rob Brandewie, director of the Defense Manpower Data Center, and Rich Guida, director of information security for Johnson and Johnson and a former fed who served as chairman of the Federal Public Key Infrastructure Steering Committee.

Both of them spoke of the difficulties of securing data these days because it is potentially so mobile.

I didn't ask them to comment on this case specifically because they don't know the specifics. But I did ask them about securing data.

As far as I understand the VA situation, it isn't even that the laptop was stolen. It was, of course, but the data was on some kind of mobile device.

Here is what the NYT reported this morning:

A Congressional aide briefed on the matter, granted anonymity because he was not authorized to speak publicly about it, said the information was on disks. Secretary Nicholson, speaking at the same news conference as Attorney General Gonzales, said the worker had taken the data home to work on a department project. Mr. Nicholson described the worker, who has not been identified, as a longtime employee of the agency. He lives in suburban Maryland, a law enforcement official said.

Brandewie said that it is these precisely these kinds of incidents that keep him up at night.

"Data is so portable," he said.

DMDC has policies that prohibit taking large amounts of data away from the office, but many people don't recognize the dangers until they suffer some kind of incident. "People don't realize the implications of what they're carrying," he said.

Many organizations have focused on encrypting data as it moves, but few focus on encrypting data that is in place, Guida acknowledged.

Johnson and Johnson is working to encrypt data on a laptops of employees that are most at risk, he said. That will tie the data on the laptop to a token so if a laptop was stolen, they would also need the token and password to access the data.

Generally with security, people tend to take the path of least resistance – until they are burned, Guida said.

Of course, I'm sure not so coincidentially, OMB is reminding everybody about securing their data.

Posted by Christopher Dorobek on May 23, 2006 at 12:15 PM


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.