A friend forwarded an interesting article to me yesterday. It was posted on the BBC News web site reporting "Up to 1.7m people’s data missing." Of particular note in this article:
"EDS assesses that it is unlikely that the device was encrypted because it was stored within a secure site that exceeded the standards necessary for restricted information."
Where do I start with this one?
First, let’s take a simple view of this. The disk drive was stored within a secure site which exceeded standards. This belief only works if you have complete and detailed access control to the secure site. Assuming devices will never fail, maybe you can argue the risk level is low and the probability of a loss is a long shot. The only problem is, I haven’t seen any site exercise complete and total control. Hardware does fail. If it is a disk drive, chances are the IT folks will replace the malfunctioning drive. The "bad" drive should be inventoried and disposition tracked.
Now let’s pick on the need to encrypt inside a secure site. In a perfect security world, every disk drive would be encrypted. Even if it stored inside a secure facility. We’re not in a perfect world so we have to rely on process, procedures, and controls to help mitigate risk. Until hard drives are encrypted on the fly, we’ll continue to have this problem. Seagate has white papers and studies which discuss some issues around securing data centers and servers.
"Unauthorized data exposure can occur even in the best-managed data center. The wise precaution is to secure sensitive data with drive-level encryption, so that the data is rendered useless when the drive is unplugged and leaves the data center. Retired and repurposed drives can also be securely and completely erased before they are redeployed."
I pulled this up rather quickly so please don’t take this as a promotion of Seagate. Though it is nice to see manufacturer’s finally creating drives will full disk encryption on the drive. They also have an interesting site focused solely on encrypting drives in data centers.
The bottom line is this. Hard drives are mobile. They will fail on occasion. Failed drives can be recovered with the right technology. Processes are key. If the a drive failed, then degauss it or shred it. If the drive is being repurposed, then erase the drive.