I know I'm not the only one annoyed by these frequent and seemingly disastrous data security breaches, endangering millions of people's private data. I get lots of questions all the time asking how to fix the problem.
I was a bit perplexed, so I took some time off to do some big thinking about it. There's nothing like a week on the beach to codify your thinking. After a bout of sunscreen in the eyes and probably one too many drinks with those little umbrellas, the answer became crystal clear.
Sell all of your laptops. And while you're at it, get rid of most of your employees. When you think about it, the single most significant contributor to these consistent privacy breaches is mobility. The second biggest issue is the people themselves. So if you take away their mobility and fire a large portion of them, the likelihood that you'd be breached goes down dramatically, no?
You think I'm kidding, right? How many of these data breaches are a result of stolen laptops? Probably 80% - and the other 20% are a direct result of the stupidity of employees for putting private data on home machines or falling prey to sophomoric social engineering attacks.
So if all the employees are gone, then you are not vulnerable to social engineering attacks. If you have no employees, then you don't need laptops either. Man, those drinks taste yummy. Cabana person, bring me another five or six - I'm on a roll here.
You say you need those employees, eh? Getting rid of all your laptops isn't an option either? My master plan is pretty much screwed.
So I guess there is NO SILVER BULLET. Drat, foiled again! But what you CAN do is to try to tighten up the security around these two most significant leakage points, the laptops and the people.
These answers are clearly Band-Aids until we can redesign applications with persistent data security in mind. Knowing where all data is at all times and having the ability to restrict access and encrypt sensitive data is the long-term answer. This is what I call "information security," but it's long-term, meaning seven years - at least.
In the meantime, you need to close the exposure points. First, make sure private data doesn't get down to laptops and USB ports. To make this happen, you need tighter database security (including better access control and auditing on the data stores). For those who have a legitimate business reason to have private information on a machine that leaves the premises, lock down their machines. Whole-disk encryption is a start. An enterprise-class policy-driven mechanism to selectively encrypt sensitive data and enforce endpoint security is optimal.
Secondly, train your folks better. I've found that most employees don't realize they are doing anything wrong. They are trying to be more diligent by taking records home, so they can get work done after hours. Folks think it's useful to use actual data when meeting with the customer to show them what is going on. These folks don't know any better because we don't tell them.