Sunday, November 9, 2008

Really valuable information

Before the election, I noted that private information of Samuel "Joe the Plumber" Wurzelbacher had been stolen, and it had been stolen in such a way (no way to know who had logged into the system, test account open for years, multiple individuals using the same log on information) that it seemed that someone had really dropped the ball on security. However, lest I give the impression that people's information is only menaced by insecure government (or large corporate) systems, I would like to present the example of the Intel Itanium Processor. The design for the Itanium processor, like Joe the Plumber's personal information, was stolen. This is true even though the Itanium processor was undoubtedly protected by the most sophisticated security available.

The moral of the story - if it has value, it is at risk of being stolen. Whether your personal information is stored on a government server with minimal security, or on a corporate server with encryption and limited access, there is no such thing as complete safety.

1 comment:

John Taylor said...

Good post William.
That brings to mind things I have been trying to impress on private business. First, I always remind them that it isn't someone else's information at stake, it's ours. A business owner who protects the data he keeps on his employees as well as his customers might be protecting my information.

I also still like the formula wherein if we can lower the value of data then we might lower the incidence of theft. To empower everyone with a risk mitigating tool that will provide early warning and restoration for all types of ID theft would be to effectively do that. A thief needs time to perpetrate his crime to his advantage, the more time the better. If we can have instant notification and forensic experts to correct all of our records we can effectively lower the data "value" to the thief, and I believe lower the risk. Building higher and more sophisticated walls around the data only serves to be a challenge to thieves. Corp approach is focused on solutions. There are actually no solutions for protecting very valuable information, only temporary stopgaps.