Op Ed: Identity Theft and Cloud Applications
Theft and loss of laptops is currently estimated to be more than 85,000 per year and rising dramatically 1. The incidence level is highest among research and education than in other industries 2. The recent report of Warren Country Community College exemplifies the problem of having confidential student data leaving campus on laptops — over 5,000 current and former students were in danger of experiencing identity theft with the college endangered by endless litigation. Encrypting or password protecting data on a laptop containing confidential information is little more than a minor hindrance to the “big business’ that has grown up around selling usable, confidential information on the open “identity market” 3. Microsoft’s much touted Windows 7 “Bitlocker” was cracked within months 4. Another view into just how easy it is to crack passwords and encryption is related in the story of a German man who cracked 160-bit SHA-1 Crypto (STRONG encryption) using an Amazon GPU he rented for $2.40 5.
Combine these facts with a common lack of knowledge on the part of employees that emailing documents containing confidential information is analogous to posting the information on a freeway billboard and we quickly uncover the timidly weak security inherrent in storing our documents on our personal computer and using desktop software like Microsoft Excel and Word.
Enter “Cloud Applications”, i.e., Google Docs, etc. Confidential information never leaves campus with the laptop, its secure in the cloud, yet accessible for all who have permission… from anywhere. Nothing need ever be emailed to a coworker, just shared in a secure environment that has never been broken. The only breach of security has occurred when users voluntarily remitted their passwords to “spear-fishing” scams. If you’re handling confidential information for the organization and keep copies on your laptop or emailing them to other users, don’t you think moving to Google docs is a really good idea?
NOTES:
1. The Billion Dollar Lost Laptop Study – 9/30/2010
2. ibid.
3. NJ.com – 11/4/2011: Laptop containing private student information stolen at Warren County Community College
4. Lifehacker: How to Break Into a Windows PC… – 10/28/2011
5. Infosecurity: SHA-1 CRYPTO Protocol Cracked… – 11/18/2010
- puffro01's blog
- Login to post comments
Comments
Security of the cloud
I’d like to add that many argue the security of the cloud to be worse because the data isn’t physically sitting on an organization’s property. Also, the data’s security is being managed in part by the cloud providers. So the cloud isn’t perfectly secure. I do not think anything ever will be. However, I trust google’s approach to security better than I trust my own. Either way there exists a server with information on it which can be hacked. Physically located where I don’t get to look at it isn’t making me any less secure, as there are not any definitive boundaries on the wires anyway.