Op Ed: Identity Theft and Cloud Applications

Theft and loss of laptops is currently estimated to be more than 85,000 per year and rising dramatically 1. The incidence level is highest among research and education than in other industries 2. The recent report of Warren Country Community College exemplifies the problem of having confidential student data leaving campus on laptops — over 5,000 current and former students were in danger of experiencing identity theft with the college endangered by endless litigation. Encrypting or password protecting data on a laptop containing confidential information is little more than a minor hindrance to the “big business’ that has grown up around selling usable, confidential information on the open “identity market” 3. Microsoft’s much touted Windows 7 “Bitlocker” was cracked within months 4. Another view into just how easy it is to crack passwords and encryption is related in the story of a German man who cracked 160-bit SHA-1 Crypto (STRONG encryption) using an Amazon GPU he rented for $2.40 5.

Combine these facts with a common lack of knowledge on the part of employees that emailing documents containing confidential information is analogous to posting the information on a freeway billboard and we quickly uncover the timidly weak security inherrent in storing our documents on our personal computer and using desktop software like Microsoft Excel and Word.

Enter “Cloud Applications”, i.e., Google Docs, etc. Confidential information never leaves campus with the laptop, its secure in the cloud, yet accessible for all who have permission… from anywhere. Nothing need ever be emailed to a coworker, just shared in a secure environment that has never been broken. The only breach of security has occurred when users voluntarily remitted their passwords to “spear-fishing” scams. If you’re handling confidential information for the organization and keep copies on your laptop or emailing them to other users, don’t you think moving to Google docs is a really good idea?

1. The Billion Dollar Lost Laptop Study – 9/30/2010
2. ibid.
3. NJ.com – 11/4/2011: Laptop containing private student information stolen at Warren County Community College
4. Lifehacker: How to Break Into a Windows PC… – 10/28/2011
5. Infosecurity: SHA-1 CRYPTO Protocol Cracked… – 11/18/2010