TECHNICALITIES

NARA's missing hard drive shouldn't cloud the security issue

Since May, the National Archives and Records Administration has been offering a $50,000 reward for the return of a Clinton administration hard drive that went missing from NARA’s complex in College Park, Md., some time during the winter. NARA’s inspector general has launched a criminal investigation.

The records on the drive include an estimated 100,000 Social Security numbers, including those of some Clinton staff members, White House visitors and one of former Vice President Al Gore’s daughters. So there is cause for concern, though not for overreaction.

The loss of the hard drive — one of a growing list of data losses suffered by NARA and other agencies — has prompted some to wonder whether data might be safer in the cloud.

It’s just speculation, of course, and no one is pretending that the cloud is secure enough for sensitive data. The larger issue isn’t where data is kept but how. NARA’s missing hard drive was a copy — the agency still has the original tapes and a backup hard drive. So the problem isn’t that NARA lost the data but that someone else might have it, which could happen with any storage system.

It reinforces the old saw that security is diligence. There are no inherently safe places to keep data, only safe practices for doing so.

About the Author

Kevin McCaney is editor of Defense Systems. Follow him on Twitter: @KevinMcCaney.

Reader Comments

Fri, Jul 10, 2009 MadWhiteHatter Maryland

The hard drive issue wasn't a failure of information security but rather physical security. Millions of dollars invested in IT can still fall victim to a relaxed guard making $15-20 an hour. Disgruntled admins working on the cloud could steal data too.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above