I'm frightened sometimes by the misconceptions and unfounded faith folks place on encryption - even technical infosec pros. For instance, someone recently asked me why you need to worry about malware exfiltrating sensitive files if you have BitLocker encryption enabled. “The files are encrypted, right?”. Wow! That is scary. The disk, or to be more accurate the volume, is encrypted. So if you boot up a hacker tool flash drive or take that drive out and access it from another OS, the data will be useless because it's encrypted. But in the malware scenario, the malware is running in a process in the OS, probably as the end user. But it doesn't matter who the process is running as. Any process on the system that reads from the disk will get the unencrypted data because file system takes care of that transparently. So there's a case of encryption running perfectly but at a lower layer and transparent to the layer of the attack – yet the assumption was “well it's encrypted, so it's safe.”
Data is only 100% safe when it no longer exists and that's where data erasure comes in. Securely erasing data according to your data retention policies is emerging as a key method for enhancing data security. And we aren't just talking about erasing hard drives before recycling old hardware. That's great at the end of life, but what about data residing on active machines, like:
- Harvesting “deleted” files
- Left-over copies of files no longer needed such extra data
- Old files beyond data retention policy
- Temporary files in user’s own profile
- Temporary, or left over, files after a privileged user logged off a PC
- User data found on and recovered from free disc space of a drive
- (Unencrypted) Data copied over to a removable media unit
- Classified data saved in open storage by mistake
- Application data left from user or business processes
- Sensitive data required to travel internationally (where decryption is forced)
In this real training for free ™ webinar I will examine data security risks that can be drastically minimized with data eraser – in real world scenarios that take no time at all to implement. I'll show you how to ensure data gets erased as soon as its lifecycle permits or demands. Not simply deleted, but securely erased. That's where my sponsor, Blancco, comes in. You'll see how their data erasure platform provides secure eraser of files and folders no longer needed on endpoints both on-demand and automatically. Both PCs and Servers.
Then we will discuss how to align your data retention, data eraser and encryption strategies for maximum risk coverage. I will even show a cool feature of what could happen if someone tries to hack you by logging in and entering the wrong password 5 times….think mission impossible here!
Don't miss this real training for free event. Please register now.