Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

03:25 PM
Nathan Conz
Connect Directly
RSS
E-Mail
50%
50%

Vulnerability in Encrypted Info

Having just written about how insurers' view information security, I took special interest in a recent New York Times article, entitled Researchers Find Way to Steal Encrypted Data, that reported that a Princeton University group has discovered a frighteningly simple way to steal encrypted data stored on computer hard disks. You know, like the encrypted data that some insurance carrier employees have on their laptops.

Having just written about how insurers' view information security, I took special interest in a recent New York Times article, entitled Researchers Find Way to Steal Encrypted Data, that reported that a Princeton University group has discovered a frighteningly simple way to steal encrypted data stored on computer hard disks. You know, like the encrypted data that some insurance carrier employees have on their laptops.

from the New York Times:

The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover. Encryption software is widely used by companies and government agencies, notably in portable computers that are especially susceptible to theft.

...

The move, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access, or DRAM, chip. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer's electrical power is shut off, the data, including the keys, is supposed to disappear.

This got me thinking about something WellPoint vice president and chief security officer Shamla Naidoo told me when I spoke with her for my recent feature: "What we see as challenges today may no longer have the same priority in three to five years if insurers find there are new risks they haven't considered yet."

Could this recent news regarding the vulnerability of encrypted data be one of the new risks to which Naidoo was referring?

Whenever I interview insurers about new mobile initiatives, including those that involve laptops, I always ask how they plan to keep their customers' private information secure. And 99% percent of the time, the only security measure that's in place is encryption.

That used to be enough, it seems, but perhaps that's not the case anymore. A few insurers have already taken the next steps to secure sensitive data on laptops and mobile devices. Some have the capability to remotely wipe a device that is reported stolen or missing. Others have leveraged biometrics to make it exceedingly more difficult to access a device.

Hopefully, others will follow suit. There are many technology areas where it is advantageous for a carrier to be proactive rather than reactive, but none where it is more critical than information security.Having just written about how insurers' view information security, I took special interest in a recent New York Times article, entitled Researchers Find Way to Steal Encrypted Data, that reported that a Princeton University group has discovered a frighteningly simple way to steal encrypted data stored on computer hard disks. You know, like the encrypted data that some insurance carrier employees have on their laptops.

Register for Insurance & Technology Newsletters
Slideshows
More Slideshows
Video
All Videos