If you're like me, while reading one of the Lifehacker posts about securing your laptop hard drive and before you know it the “what about the WiFi, and What about my data on web apps” feeling hit you. The next thing you know, you have ten to twenty tabs open in your browser, with all very good information that you want to implement and no time to do it before moving on to the next priority in your day? Did you do as I found myself doing, bookmarking all those pages thinking you would come back to them only to find you forgot where in your bookmarks you put them or worse you forgot about the project?
Organizing Your Thoughts and Places Your Data Needs to be Protected
Well, I have and I figured that it would be easier to have one post with the links and the order I wanted to implement them. I did this when I started thinking about encrypting my hard drive. I wanted a complete list of all of the data security posts in one place. What follows is the list I compiled.
I will be posting this list in four parts explaining the thought process behind each so that you can implement as you see fit. The fifth and last post will to link them all together, like an index. Today we will focus on organizing and collecting your data locations to make it easier to decide what approach to use for a specific type of data.
UNDERSTANDING AND ORGANIZING YOUR DATA
First, I wanted to have some sort of framework with which to organize my thoughts and having been TEMPEST qualified in the military I decided to use an analogy that I used then.
The three states of data
- Data at rest
- Data in motion
- Data in use
- In addition, several debatable definitions that just makes pigeonholes for everything else.
This approach worked fine for the type of work I was doing then, but things have changed so I wanted to think in terms of things in more useful manner. The current states of data is so complicated that to me it was virtually unusable when considering your average user was not trying to hide data from enemy governments or secure corporate networks, etc. I had to think this through and decided that what would simplify matters was something similar with only three definitions to deal with. Therefore, what I came up with was something everyone knows about from elementary school science class and that was “The Three States of Matter”.
Let’s use the matter H20 known commonly as water to clarify,
- Water in solid form is ice, it is not moving within itself or changing shape, and for our purposes, it is like data on a drive, which is static, not written to or changed. We can hold the device in our hand.
- Water in liquid form is well, water; it is moving but is constrained within itself. For our need of definition, it is similar to data in an Ethernet cable. We will include radio-transmitted data such as WiFi think of it as water flowing through a pipe from one place to another.
- Water in gas form is clouds, how convenient I know this would be data not in our control and you guessed it in the Internet cloud.
We as the everyday user cannot easily secure our data when it is being manipulated because it is cost/time prohibitive to do so effectively so that data will be excluded. If you feel that you need that much security for your data then I suggest you hire someone that specializes in that type of security and accept that this post is not for you.
So, to simplify, use three definitions to classify all of your data locations
The three states of matter:
- Solid: data at rest in your control low risk
- Liquid: This is data in motion, moving from one location to another, or in transit. The web, Ethernet WiFi, transmitted.
- Gas: This is data in the cloud, not in your control, and not your personal physical drives. ( more on this in part 4)
LISTING YOUR LOCATIONS
Using these three states as a way to organize the information, make a list similar to mine:
When data is in solid form: (in no particular order)
- Laptop hard drives=1
- Desktop hard drives=2
- Do you have any network attached drives at home?
- Do you have any servers at home?
Portable drives (include USB and Firewire)
- Desktop USB storage drive=1
- Portable drive USB=1
- USB flash drives=6
When data is in liquid form: (For this section, I am purposely leaving USB, Firewire out of the equation.)
- Infrared port
- Phone/modem connection
- Ethernet cat 5
- Applications such as browsers ( grouped together)
- Ethernet cat 5
- Applications such as browsers (grouped together)
- Ethernet cat 5
When data is in gas form: (cloud) list out your individual services you use
Make this list as complete as you can, the more complete your list is, the greater your chances of making your data secure. You might want to use a notepad or binder to save this information for future reference. Save the list for part 2 when we will use it to secure our “solid” data.