Your data

Post-Snowden/NSA and AP and other data breaches, attention has turned to a suite of encryption products.  Lots of competition.

Think about what you have and where you have it.  If you lose it, can someone else read it?   Is it encrypted?  Is that encryption secure?  Can NSA crack anything on the market?  Do you care?

Think both about your data at rest and your data in motion.  Encryption of storage (your hard drive, your back up (you do have one offsite, right?), your cellphone, your iPad, your thumb drives, your storage disks, your smartphone, your online email accounts, iCloud, etc.) is one thing.  Encryption of data in motion (emails, texts, SMS, phone calls, Instagrams, tweets, etc.) is another.  Data at rest includes “your” data in the possession of otherssuch as Dropbox, your doctor’s office, your bank, your employer, Facebook, and your friends’ phones, computers and email.  What if you move overseas – is it legal to use encryption in that country, assuming you got an export license (of course you did) to export the encryption software from the US?

Privacy requires time and attention. What are the applicable requirements?

That’s “your” data.  What about your employer’s information?

“Encryption arms race escalates,” Houston Chronicle, December 1, 2013 D6 http://bit.ly/IxrFn9

Advertisements

Leave a comment

Filed under Business Continuity, Controls, IT, Legal, Operations, Privacy, Requirements, Security, Use

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s