Last month I posted a list of best practices for managing a database and discussed, among other things, protecting data on USB drives and laptops. A recent discussion on the Information Systems Forum has suggested options for protecting USB drives. Richard Rothwell posted a blog entry on Portable Data Security, several list members recommended using TrueCrypt, and Carlos Thomas posted a TrueCrypt tutorial.
However, Zac Mutrux countered that “it is far easier to secure a single centralized system than it is to secure a bunch of little storage devices or disks floating around somewhere” and added that “there must be a mechanism for key escrow and recovery. Else encrypted files may be lost when someone leaves the organization (or dies, for instance). This is why packages like TrueCrypt are suitable for personal use, but are not suitable for use in an organization.” And Peter Campbell responded that “password protection on individual documents or thumb drives is an accident waiting to happen.”
I’m with Zac and Peter. I think the best solution is to take steps to keep sensitive data off laptops and desktops. In particular, data like social security and credit card numbers should be in encrypted fields in a database in a locked server room. Only employees with a “need to know” should be able to decrypt/view these fields (and some systems don’t let anyone decrypt them).
If this isn’t possible at an organization, the sensitive data can be stored in a separate database or, even a password-protected file, without names — an ID number would link these records to the main database. In the case of credit card numbers, many vendors are storing them in a separate payment gateway and using tokens to link them to the original database record.
But if you can’t take these steps, or really do need to store sensitive data on local machines or removable media, those devices should at least be encrypted.