Your evil copy machine wants to eat your head
Tuesday, May 18, 2010 at 09:28AM
Jeff the IAM Guy in copier copy machine data database encryption

When it comes to protecting unstructured data, usually I'm telling people about sophisticated solutions such as the Oracle Information Rights Management tool (as opposed to the the structured stuff, for which I'm explaining how to use Data Masking or Data Encryption). In other words, I'm covering the enterprise, even against Really Stupid Stuff like misplaced thumb drives or even entire laptops. While visiting a customer in Indiana this past winter, everything came to a crashing halt when they received a call about an employee who lost her data-infested Dell in an airport.

But what about the Fred Flintstone problems, the Even Dumber Than That kinds of breaches? There's been a whole lot of coverage lately about copy machines and the risk they pose to privacy because most modern copiers contain a hard drive that actually replicates all documents scanned on them. Private, sensitive information is retained by these evil devices. Many of these machines are subsequently resold, and even shipped overseas. These hard drives can be recovered, and the documents easily recreated. It's actually pretty frightening.

What's even more frightening is that so many people have been completely unaware of this for the last umpteen years. Police departments, insurance companies, doctors' offices, money laundering rings, they all have these things. Didn't they know what they were getting when they bought them? Didn't they READ THE MANUAL?

In the interest of data protection the whole world over, I will now provide the CORRECT OPINION on how to deal with this security hole.

1) Blow it up. Instead of reselling that old copier for chump change (typically the low hundreds), take it in your back yard and strap a bunch of fireworks to it. Invite the neighbors.

2) Make a bar out of it. Put it in your basement and serve drinks on it. If your friends are anything like mine, they'll be spilling crap all over it and ruining that hard drive in a hurry, anyway.

3) Have my wife's cousin threaten to marry it. We always say she's a vampire, because she's sucked the life out of multiple husbands. When we go to visit, the current husband just stands on the lawn, drained of color, and when he sees that his wife's not looking, he whispers to his guests, "Kill me." If she threatens to marry your copier, it will grow legs and fling itself into the nearest canal, taking its precious data trove with it.

4) Use the built-in option and erase the data. No kidding, I'm not sure why this is news. Whenever one of the bad guys captured Batman, he'd hook him up to a giant exploding layer cake, or hang him over a pit of snakes, or devise some other ridiculously exotic death trap from which he'd ultmately escape, instead of just frigging SHOOTING him. Remember Occam's Razor. The easiest explanation is the most likely. In this case, the easiest solution is the most useful. Stop whining about a problem everybody should have been aware of yeeeeears ago.

 

Article originally appeared on Identity and Access Management Framework Book (http://identityaccessmanagementframework.com/).
See website for complete article licensing information.