MANTRA – Ellie Bates – What to consider when dealing with sensitive data encryption


One of the things, obviously, you need to consider when you are using encryption is who actually has a backup of the password you’re using for the encryption? Because actually if you’re the only person who knows that password, [you want that] you want as few people to know that as possible, but on the other hand, if you’re the only person who knows it, if for some reason you forget it, you’ve got a huge problem yourself, or if for some reason somebody has to, for an emergency purpose, access your data, it’s very unlikely to happen, without you being available… Then, how would that happen? What would happen, if you suddenly became very ill or something like that, and for some reason your data had to be accessed or something like that. What would you do?

Well, the way I’ve got around that is that I actually have a copy of the password in an envelope, which is sealed and signed across the seal, and given it to my supervisors and one supervisor keeps it in a safe. So, should they absolutely have to access my data, they can’t do it without getting special permission from IT services to get into my account which they would get in an emergency situation but not otherwise. They can access the encryption and again, I think in my proposal I made it clear that they could have access to the data, so the fact that someone else does have access to the encryption key, in this case I use an encryption password, does mean that it’s accessible.

It’s also quite… sort of, I haven’t forgotten the password yet, but it is quite nice for me to know that there is a spare, because the encryption algorithm I use, if I forget the password, I can’t get in. So, it is kind of important that there is a backup somewhere, but again you need to think very carefully about where’s that backup going to be kept and how’s it going to be kept secure. In my case, the supervisors know the directory it’s in, they know the password, but the things are, sort of, kept separately in a couple of envelopes. That’s the way that that can be accessed.

So I have a backup plan… so if you’re using encryption you need a backup plan for getting to that encryption. You’d also need a securely held copy of what password you’re using, but you need that kept with as few people as possible, preferably one or two.
