Having just written about how insurers' view information security, I took special interest in a recent New York Times article, entitled Researchers Find Way to Steal Encrypted Data, that reported that a Princeton University group has discovered a frighteningly simple way to steal encrypted data stored on computer hard disks. You know, like the encrypted data that some insurance carrier employees have on their laptops.

from the New York Times:

The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover. Encryption software is widely used by companies and government agencies, notably in portable computers that are especially susceptible to theft.

...

The move, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access, or DRAM, chip. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer's electrical power is shut off, the data, including the keys, is supposed to disappear.

This got me thinking about something WellPoint vice president and chief security officer Shamla Naidoo told me when I spoke with her for my recent feature: "What we see as challenges today may no longer have the same priority in three to five years if insurers find there are new risks they haven't considered yet."

Could this recent news regarding the vulnerability of encrypted data be one of the new risks to which Naidoo was referring?

Whenever I interview insurers about new mobile initiatives, including those that involve laptops, I always ask how they plan to keep their customers' private information secure. And 99% percent of the time, the only security measure that's in place is encryption.

That used to be enough, it seems, but perhaps that's not the case anymore. A few insurers have already taken the next steps to secure sensitive data on laptops and mobile devices. Some have the capability to remotely wipe a device that is reported stolen or missing. Others have leveraged biometrics to make it exceedingly more difficult to access a device.

Hopefully, others will follow suit. There are many technology areas where it is advantageous for a carrier to be proactive rather than reactive, but none where it is more critical than information security.

This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in the message center do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this forum becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: The Message Center is NOT intended for commercial messages or solicitations of business.