Everyone believes sensitive data should be encrypted, whether housed in the data center, stored on PCs or notebooks, or filed away on removable storage. The problem, as recent headlines show, is that too few organizations bother. Just this week, a New Zealand man who bought a used MP3 player in Oklahoma found 60 files that included the names and personal details on U.S. military personnel. That's just the latest example of many that demonstrate that lots of drives, tapes, and entire notebooks are lost with sensitive data that wasn't encrypted.
An industry standards group and many of the world's hard drive makers hope to make it easier to protect that data. The Trusted Computing Group (TCG) this week unveiled three specifications for full-disk encryption for use in all types of storage devices and encryption key management schemes. Because the encryption management technology based on the specifications is built into the hardware, any storage device using the technology could require the use of a password before the system even starts.
Devices that could use the specification range from consumer gadgets to standard PCs and notebooks to drives used in data centers, servers, and large storage arrays. "This is a great step in making encryption a standard feature for hard drives. Building security in is an excellent approach to such a difficult problem to start with," says Pete Lindstrom, research director at analyst firm Spire Security.
The three specifications include:
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
