In this case, it’s a nightmare on Seventh Street! These are the types of things that give me nightmares and I walked into a total nightmare factory:

Wiring closets are open on every floor and every floor has a managed switch and/or router sitting in the closet.

Servers behind unlocked and open doors because shutting the door makes the room too hot and the servers shut down.

Contractors putting in new floors in the server closet and I have no access control.

Backups to external USB drives that anyone in the unlocked closets could walk off with and backups have been intermittent.

Staff laptops are not using encryption.

The good news is that I have corrected some of these things, so I now sleep much better at night!

• The wiring closets are now locked.
• Core switch and servers are now behind locked door and cooling has been installed.
• Barracuda backup server installed and all servers are being backed up with critical data backed up every two hours and sent to the cloud.
• Data structure standardization initiative in progress which includes backup/encryption for staff laptops.

I have to say that the organization is now probably more secure than they have ever been, thanks to my efforts and the efforts of the IT staff at the other locations. Good thing is, we have corporate backing on these efforts. It’s nice to know you have the power to make a difference and get things done.

Well, alright, but consider this from their privacy policy:

Compliance with Laws and Law Enforcement Requests; Protection of Dropbox’s Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.

So, Dropbox has the keys to the kingdom unless you encrypt the files yourself before uploading. And anyone on their staff, by extension, can decrypt your data. Not good.

If you want to maintain your security and privacy, pre-encrypt everything you intend to store in the cloud. If all the service has is pseudo-random noise in the first place, that it all anyone will get.

Trust no one when it comes to your data.

Hack on e-commerce co. exposes records for 200,000

Swiss HSBC data breach victim count trebles

London council loses thousands of kids’ details

Shell hit by massive data breach

Now, I ask you: If the stolen data had been encrypted, none of these incidents would be of much concern, would they? Certainly not; the data would be useless to the thieves because it would be just so much white noise. So, this being the case, why isn’t all sensitive data everywhere encrypted? For that matter, just encrypt everything all the time. Unfortunately, it’s not quite that simple.

Encryption adds processing overhead. Encryption key security is an issue. Systems that need to access the encrypted data need access to the key.  Then there’s the danger of forgetting or losing the encryption key thereby rendering the data completely useless. None of these issues is a good reason not to use encryption; however, they do present challenges that make broad use of encryption difficult to implement in large organizations.

Short of encrypting every hard drive everywhere (which would be a major nightmare to implement), at least every database that contains any sensitive information should be stored on encrypted partitions or drives.

So why isn’t everyone doing it?

Comments, please.

While it’s not possible to provide the physical security of a bank vault on a laptop or other portable storage device, it is possible to protect the information itself with encryption so that only authorized persons can access it.  Take the bank’s physical security out of the mix for a moment, making it possible for someone to walk right into the vault; they still can’t unlock your box without access to the bank’s key and your key. Similarly, encryption requires two keys: the encryption key and a passphrase; without both, the encrypted volume won’t open.

One could say, therefore, that an encrypted volume is a virtual safe deposit box for your valuable data.