The Wired Blog highlights research conducted by the Electronic Frontier Foundation and Princeton University have discovered a way to circumvent full disk encryption on computers, even when they are turned off.
It appears that the contents of in memory can linger on in RAM from where the encryption key can be copied from. The lenght of time the contents remain in RAM before they fade depends on the brand of computer/RAM you use. The fading effect can be slowed down significantly by cooling the RAM chips before cutting the power to the machine.
The research paper is an interesting read, and for those of you with shorter attention span there is a summary of the paper available on YouTube.
This research strengthens the argument that we need to better manage and control where our sensitive data resides. If it is not on your central servers then what controls and mechanisms have you in place to ensure the security of that data is maintained? Once data starts to spread onto desktops, laptops, USB keys and home computers you increase the target area for the criminals. If data has no legitimate business reason to be on certain devices then securely remove it. If there is a legitimate business reason then ensure the appropriate controls are in place to counter the risks posed.
Information security is a constantly changing landscape. This makes the field such an interesting, yet very challenging one to work in. This may not be the first type of attack that encrypted data at rest may face and we need to ensure that we are constantly looking at new and innovative ways to protect our systems and data. You also need to realise that you may not protect against all possible attacks, so you should ensure that your incident response plan is constantly updated, tested and reviewed because at some stage you are going to need it.