Secure Data Management

Confidential data

Here are some examples of confidential data.

  • Personal and business addresses.
  • Financial account attributes for banking, credit cards, insurance, trading.
  • Online account attributes: URLs, userid’s, passwords, PINs.
  • Online, credit card, checking payment info.
  • Medical records: appointments, proscriptions, test results.
  • System and application configuration info: server names, IP addresses, path names.
  • PGP encryption keys.
  • System and application process descriptions and notes.
  • PDA conduit files for the above.

Handling limitations
  • Cannot be transferred over unsecured Internet connections and by unencrypted e-mail.
  • Cannot be hosted on open unsecured Web servers like Yahoo geocities.
  • Cannot be hosted on generally accessable LAN servers and workstations.
  • Cannot be kept in unsecured databases without encryption.
  • Need protection during equipment and software upgrades, repairs and reconfigurations.

Secure storage

Storage type

Advantages

Risk

Notes

File folders
  • Helpful to separate confidential data from non-confidential.
  • Compromised by unauthorized LAN or Web access through connected servers and workstations.
  • When located on internal hard drives, compromised by unexpected unsecured repairs and upgrades.
    		•
  • Used both on desktops and laptops.

    • External disks and drives
    • Easily switched off main desktop or laptop to keep in a secure location – like earlier floppies.
    • External drives are treated basically as internal hard drives because they are fast and robust enough – unlike early floppies.
    • External disks are the best place for PDA conduit files to avoid synchronization problems.
    • Like floppies, can be attached to different computers.
    • Size of an external disk ranges from 100M for Iomega Zip drive to several GB – comparable with internal HD. Miniature disks can have 16M, 32M or 64M capacity.
  • Compromised by loss or theft – although the risk is less than for more portable PDAs.
  • More sensitive data (like credit card numbers) may need a secure application with password protection or encryption.
  • Compromised by unauthorized LAN or Web access through the host workstation.
    		•
  • Here are two external drives: Iomega Zip and Buslink USB.
  • Access to these drives needs proper driver installation.

    • PDAs
    • Protect data naturally because owners treat PDAs like wallets.
    • Unlike PCs and laptops, PDAs provide instant access to confidential data without delay for booting.
    • Confidential data are organized in standard PDA applications: Address Book, Memo Pad.
  • Highest risk of loss or theft. PDAs are as easy to loose as keys or wallets, so this risk cannot be ignored!
  • Standard PDA applications do not have password protection.
  • More sensitive data (like credit card numbers) need to be kept in a secure application with password protection or encryption.
  • Compromised by occasional synchronization to unsecured hard drive location.
    		•
  • Palm, Handspring, and Pocket PC are some of the most widespread PDAs. Secure access to PDA data needs proper conduit installation - preferrably with conduit files on an external drive.
  • These are two secure PalmOS applications that support password protection: SpalshID organizer, Handbase database.