Click here to monitor SSC
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

'At-Rest Data-Leakage': The Euphemism

By Phil Factor,

I was at the local municipal dump the other day, throwing out all my rubbish. I like to keep my rubbish until all chance of it proving to be valuable has vanished. Sadly, that Hitachi laptop from the late nineties had to go, though that Cromemco from the late seventies remained secure from the crusher, for sentimental reasons.  As I stood back to hurl the laptop into the municipal skip, with a muttered farewell to an old friend, the supervisor took it firmly from me and placed it reverentially in a portakabin with a lot of other IT equipment.

I wondered why. ‘Does this go for recycling in China to extract the gold?’ I asked

‘not worth it, mate, but the hard drives fetch a bit.’

It wasn’t until I was half way home that it hit me. There are no useful metals in a disk drive. Why would anyone want hard disks from old laptops? The most valuable thing would be the data. Somehow, one keeps passwords, browser history, personal accounts and all sorts of clues as to one’s identity, possibly even confidential information from work.  So this is what we call ‘at-rest data leakage’.   When old archived information is stored on a PC, network, or on a backup system, and left unused in storage, then it can be retrieved easily because it is out of sight, and out of mind, of the security experts.

It set me thinking. How efficient are we generally about ensuring that any redundant equipment with data on it can never subsequently be read after it is disposed?  It always surprises me to meet people who are unaware that SQL Server files and backups can be read by anyone unless they are encrypted. We are lulled into a false sense of security by the fact that it is hard to circumvent the security system of a live database whereas it is easy to read the data files. The front door is locked and bolted, whereas the back door is flapping open.  If you let working drives leave the building in a readable state, you’re unintentionally in the publishing business.

Total article views: 84 | Views in the last 30 days: 1
Related Articles

The $90,000 Laptop

The payment for a lost laptop: $90,000.



Newbie DBA Looking for advice on Laptop for SQL learning!


Laptop Boy Scouts

This editorial was originally published on Jan 10, 2007. Steve is at DevConnections, so it is being ...


The Laptop is Back

I finally got my laptop today. I had to drive to the local Shell gas station to get it, but...


Netbook Replacing a Laptop

My laptop died recently, actually died completely, unable to boot. The hard drive was fine, and I ma...

database weekly