Don't Be Asleep When Protecting Data at Rest

July 2008

Watching my Cousin Billy lying in a hammock in my backyard as I prepared for my 4th of July barbecue reminded me why protecting Data at Rest (DAR) is so important. Data at rest is a lot like Billy. Most of the time it just sits around not doing much, but it will move and work if you prod it. It isn’t the lack of initiative that bothers me, though. It’s the potential for the loss of information that keeps me up at night.

Cousin Billy knows everything: all Major League Baseball player stats going back to 1964, every airline timetable and flight status, and all my personal finance information!?!? You see, Cousin Billy is also my accountant. A good one, too. However, when he’s not guarding my bottom line, he’s often just sitting around.

Cousin Billy is obviously very valuable to me. I can’t afford to let him out of my sight. He just knows too much about me. If he were kidnapped, my guess is he’d spill his guts about my life savings in a New York minute. In many ways I wish he were like my thumb drives. I can encrypt the information on them using Army-approved encryption technologies, of course.

I tried this once by taking Billy to a famous hypnotist who trained him to forget all my personal information until I snapped my fingers and said the word “succotash.” One day I forgot the word that unlocked Billy’s vast knowledge. I tried rutabaga, okra and parsnips. Nothing. He sat there mute. At least no one else was able to get the info, but Billy’s value to me went down the tubes.

Like I said, Billy is like DAR. There are three key things to remember. First, don’t lose it. Laptops, removable storage media such as thumb drives and external hard drives, and data disks such as CDs and DVDs should be closely guarded when on the road and locked up when not in use. Second, just in case they are lost or stolen, all the data on them should be encrypted if possible. If the media cannot be encrypted, password-protect the data. Also, implement and enable Mobile Armor, the currently approved DAR solution, on all mobile devices and removable media as applicable.

Lastly, don’t forget about “succotash.” There have been examples of people who dutifully encrypted information on storage media when heading to a briefing and then couldn’t remember how to access it in front of an increasingly restless audience. This obviously means that you should be fully trained on DAR policies and procedures both to protect data and to make it accessible to authorized personnel. This responsibility is important regardless of position or rank. Losing operational or personal data puts too much and too many at risk.

At any rate, I’ve learned not to mind that Cousin Billy doesn’t do much until I ask him. I just hope he never notices the ankle monitor I put on him while he was sleeping in the hammock.

The On Cyber Patrol© cartoon and supporting articles are created and made available by the U.S. Army’s Office of Information Assurance and Compliance, NETCOM, CIO/G6.  For more information on the OCP program or to submit ideas for upcoming cartoons/articles contact