In January, a major Canadian hospital lost a laptop that contained the names of more than 1,500 kids and their personal medical information. The information isn't dangerous, but it sure is private. You shouldn't be compromised in any way just because someone stole a laptop out of a doctor's car.
This loss was made public in late February, just as we were in the middle of a cold snap. There's nothing like a scandal to warm things up.
The Canadian Privacy Office issued a statement mandating that no data will be removed from any hospital without being encrypted first.
Can you hear the IT boys scrambling? Was the laptop hospital issue? Was the doctor even aware of the security risk he ran when he left the laptop out in the cold? That information is not clear, but it is clear that everyone was scrambling to cover their behinds.
What's the real deal here? It's not the fact that someone might know that Johnny needs four shots of insulin a day and has contracted a mild case of pneumonia. What's at stake is the data: It's mine.
The fallout from this has been, to me, weird. Public companies such as Absolute Software are benefiting from the FUD (fear, uncertainty and doubt) factor. This company provides a software service that can delete all software from a stolen computer/hard drive. That's good. However, if the data is encrypted, you don't need them, right?
In addition, it seemed like they could put GPS-like tracking software on a stolen computer as well, so the authorities could apprehend the culprit and recover the data. It's not GPS software, but I've had three people tell me it is because they can find and recover your computer.
I went to the Absolute website, and now I get it. Make sure that the information is scarce, and the FUD is high. That'll do it.
Another company from Germany announced at CeBIT in March that they'll be providing encrypted data on a USB key device. It claims that, without your password, the data is safe.
I'm not declaring that encryption isn't safe, but it's only software. I wonder how much dough an insider could make by selling the algorithms to the competition? But wait: data would have to leave the office then. Couldn't happen?
Absolute Software says most laptops that are stolen are quickly connected to the Internet. In fact, they say, the stolen computer must be online within 60 days for Absolute to be able to track, locate, or delete your sensitive data. Would you pay for this?
Now, if I stole a laptop for its contents, the last thing I would do is connect it to the Internet. The hard drive would be out and set up as a data drive faster than you could say Jack Robinson.
The data on a machine builder's portable devices isn't any less important than a child's medical history, and it has a unique property. It's your intellectual property. This is your business.
Teknion, an office furniture builder, used to e-mail engineering drawings to India so the staff there could work on source drawings. Now they use Route1's MobiKey, which allows the Indian engineers to work on the source drawings, but the data stays behind the firewall in Canada; file transfer is not allowed.
No as-built drawings, no IP loss. Printing is controlled as well.
Data does not need to leave the office. Your intellectual property can be safe, and your business can be safe.
As a machine builder, you probably provide intellectual property to some, or maybe all, of your customers in the form of PLC programs, CNC profiles, motion profiles, mechanical as-built drawings.
If my memory serves me well, I'm pretty sure that Allen-Bradley first put CARs (custom application routines) into PLCs, so OEMs could create custom software to protect their IP. I always thought it was a cash grab because you had to buy the software development kit. But now, when data has to leave the office, it makes more sense.
Custom motion curves embedded in controllers would protect a machine builder's research to some extent.
When the data doesn't absolutely have to leave your control, you leave the data where it is. When data absolutely has to leave, then you protect it. As with all other activities, don't react; instead, plan and implement.