This is one of the more amusing stories I’ve read in a while. An Ireland utility company says that unencrypted data on four stolen laptops will be difficult to access because the machines require a username and password. “I don’t want to minimize the risk but this is not a normal laptop that you could break into that easily,” said Dave Bunworth, managing director of Bord G??Â¡is Energy. The stolen laptop in question contains account data on 75,000 Bord G??Â¡is’ customers.
In the wake of this story, many security and It folks-pro and enthusiasts-have commented on the ease of yanking the hard drives and retrieving the data without ever tripping over a username/password challenge. And Bord G??Â¡is has redoubled efforts to ensure sensitive data is encrypted, which was the policy prior to the machines’ theft.
While encryption is a good measure for protecting data in transit and at-rest, it’s not a panacea for all security woes. Access control, authentication and role- or user-based privileges ensure a greater degree of security policy enforcement granularity and data protection. While this seems simple, many organizations are still clueless about the necessity and benefits of multifactor authentication.