Security breaches happen all of the time. They're so common now that maybe more business executives are beginning to ignore the headlines. That'd be a mistake. While the headlines may read the same, the way security breaches are occurring is beginning to change in a big way. It is no longer only about hackers cracking databases loaded with bank account data. Thanks to the ubiquitous availability of new types of storage today, writeable disc drives, MP3 players, and USB thumb drives can be lost and pose a serious security risk.
In fact, these incidents are growing increasingly common. Consider a recent breach in the U.K., where The British Department for Work and Pensions had to call for the emergency shutdown of a government computer system because a USB drive was found in the parking lot of a pub. The drive happened to contain the passwords of about 12 million residents for a government Website that helped residents manage everything from parking tickets to taxes.
As that incident shows, if proper precautions aren't put in place, data stored on the corporate network could end up transferred to a CD, sent through email unencrypted, or end up in a bar parking lot to be found by anyone.
Robert Pittman, Los Angeles Countys chief information security officer, is well aware of these risks, and has been working to make sure the county's data is secure -- whether at rest or in motion. L.A. County is in the midst of a three-phase attempt to lock down sensitive data throughout its 38 departments, which operate in more than 70 separate geographic locations.
L.A. County's security challenges match those of many corporations. Each department -- whether it be the Department of Social Services, prosecutor and public defender offices, Animal Welfare, or the Department of Mental Health -- has its own set of unique security demands. Some departments don't handle sensitive data, unlike those that manage legal or patient health records. And as laws surrounding regulatory compliance grow more complex, and the number of publicly disclosed breaches through lost notebook computers and USB-drives escalates, the county decided it would pursue a long-term strategy to effectively lock down all of its sensitive data.