ITsecurity
twitter facebook rss

Data loss?

Posted by on March 18, 2015.

I got a USB (aka jump, aka thumb) drive (aka stick, aka key) for free from a vendor at a conference a couple of days ago.  The thing is so small it comes with a little loop of string so you can attach it to something and not lose it.  Gloria wanted to know what size it was.

(No, I’m not going to talk about the dangers of strange USB keys.  Today, anyway.)

It’s four gigabytes.

(Gloria wanted to know how that compared to my first personal computer.  My first DOS machine had a 20 megabyte hard drive, so this little thing I could lose in my pocket has 200 times the storage capacity.  Actually, that wasn’t the first computer I owned, but comparing this stick to a 140 kilobyte floppy is just ridiculous.)

You can get USB drives that are physically smaller.  You can get 64G MicroSD cards these days, and I’m sure you can get specialty drives that store more and are only limited by the size of the connector.

I also have at least a dozen “cloud drives.”  You know, Dropbox, OneDrive, Sync, Google Drive, younited, etc.  All are free, and I think the smallest such “drive” is 5 gigs.

You can store an awful lot in a gigabyte.  I’ve got an old Kindle with only about that capacity, and it’s got five different versions of the Bible, the complete works of Shakespeare, all of the original Tom Swift books, and 1,400 other titles besides.

It’s likely that the most important databases in your company would all fit into less than 100 megabytes.  Oh, I’m sure you may have larger databases.  I remember a conversation with one admin in a company that had a database of only 20 megabytes.  The log file for the accesses to that database generated 100 megabytes of data every day, but the actual database itself was only 20 megabytes.  The important stuff; the customer files, the intellectual property, the accounts, and even payroll; should all fit into a gigabyte, probably with lots of space to spare.

This makes it easy for someone to access your most vital data, and walk out with it.  Or simply send it to the cloud and access it at leisure.  Yes, that’s a danger.  But it’s not the only one.

You can walk out with your entire company’s data in your pocket.  Your employees can send a copy out to a cloud drive for reference at a client site on a sales call.  The research department can get tired of waiting for the backup unit that they’ve been promised and simply make a copy for safe keeping.  In each of those instances, the data goes beyond your protection, and may become accessible to attackers.

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: Rob Slade, Security |