Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

Jaikumar Vijayan

Second Take

So, encrypt already

7 comments

TAGS:Administaff, data, Home Depot, laptops, lost, TSA
IT TOPICS:Security

In recent days, the Transportation Security Administration (TSA), Home Depot and Administaff have managed to join an ignominious list of organizations that have lost laptops containing sensitive and personally identifiable information.

None of them apparently had encrypted their data to protect against a breach in the event the systems were lost or stolen. This year alone, there have been more than 60 separate incidents involving potential data compromises resulting from lost or stolen laptops and desktop computers, according to the Privacy Rights Clearinghouse (PRC), which maintains a chronological list of data breaches starting around the ChoicePoint incident (remember that?) in 2005. That number represents more than 20% of the 270 or so disclosed data breaches listed on the PRC web site since January this year.

According to most security analysts I speak to, it's baffling really why none of these organizations thought about encrypting the data on these systems before the incidents happened. The analysts are baffled. I'm baffled. What part of encryption don't companies get? From what I can gather, data encryption these days is a fairly straightforward thing to do and not quite as hard to manage as it was a few years ago. There are any number of vendors in the market offering everything from whole disk encryption to file, folder and field-level encryption capabilities -- all of which can be implemented without the user having to do anything about it or even knowing about it.

Sure there's a cost, especially for large organizations with tens of thousands of systems that may need to be protected. But, say the analysts, it's far better to invest in prevention than to spend a whole lot more on clean-up. It's that whole "ounce of prevention" thing. Sage advice.

So why is it that so many organizations have still not implemented encryption, at least on their laptops and other mobile devices? Laptop losses aren't exactly rare. And it's not like companies have much choice left any longer anyway. Industry standards such as the Payment Card Industry data security standard and rules in several states explicitly require companies to use encryption for protecting data.

I'm willing to bet anything that each of the organizations that suffered data compromises from lost laptops and desktops had antivirus tools and firewalls and anti-spyware tools protecting the data. These tools are a given now. It's the basic cost of entry, if you will, to own a laptop or any device that connects to the Internet. But such tools don't buy any protection against system loss or theft. So isn't it well past time to start thinking of encryption in the same way that companies think about anti-virus and other desktop protection tools and just implement it already? To paraphrase the old Nike shoe ad: Just do it.

Email this

Digg this

What People Are Saying

Add new comment

These folks need to read

Submitted by Dave292 on October 20, 2007 - 1:09 P.M.

These folks need to read "I.T. Wars: Managing the Business-Technology Weave in the New Millennium." It's the best, leading-edge, voice for preventing business exposures and liabilities in the face of rapidly expanding technology... your people will thank you for making this book required reading at your organization.

Reply | Report this comment

Theres just no

Submitted by Doug Woodall on October 20, 2007 - 10:39 A.M.

Theres just no accountability where these issues are concerned. Its just easier not to.

Reply | Report this comment

Let's face it, the problem

Submitted by Anonymous on October 20, 2007 - 8:03 A.M.

Let's face it, the problem is the users, not the technology. Give a monkey a stick and their just as libel to poke their eye out as they are to dig a grub out of the ground...

"My 5gigs of super important data is in an encrypted volume and I've forgotten my password... can't you just decrypt it like they do on CSI?!?"

Um, no... sorry, I left my 512 qbit quantum computer at home...

All kidding aside, as important as encryption is, what is equally important is clear rules about where data is stored. Things like databases full of SSN numbers shouldn't be stored on a laptop, period.

Reply | Report this comment

On many corp laptops, the

Submitted by Anonymous on October 19, 2007 - 10:16 P.M.

On many corp laptops, the really important thing is cached email, i.e. Outlook, etc. Is a 500MB encrypted mail store really workable, performance wise? Better a small fusion device, set to go off after 5 bad passwords. No laptop! No problem! Well, admittedly perhaps some Edward Tellerish collateral damage....

Reply | Report this comment

Sure, there is on demand

Submitted by Anonymous on October 19, 2007 - 10:15 P.M.

Sure, there is on demand encryption in XP....but when was the last time you ran an on-demand virus scan..every time you updated any file on your system?

yup...never.

Whole disk encryption is the key for these places, or better yet...proper policies better enforced, such as not storing sensitive data on the local machines.

More importantly, if you think you built the wall no one can get in...you're an idiot. Its all a matter or prolonging the incident.

Reply | Report this comment

There really isn't a "cost"

Submitted by Anonymous on October 19, 2007 - 9:03 P.M.

There really isn't a "cost" associated with encryption...

Windows XP Professional... Right click on a folder... Properties... Advanced... Encrypt.

OMG that was hard!

That combined with reasonably strong passwords are enough to keep all but the most dedicated crackers out.

Reply | Report this comment

Compusec is FREE, even for

Submitted by Anonymous on October 19, 2007 - 9:02 P.M.

Compusec is FREE, even for professional use ... geeze ... I encrypt my personal laptop

http://www.ce-infosys.com/english/downloads/free_compusec/index.html

Reply | Report this comment

Oops, more "lost" data

Here we go again, personal data set free

Back up and back it up!

It's your data, keep it safe!

LIVE Nov 10, 2009 12:00 PM ET

Architecting Business Intelligence Applications for Change: The Open Solution

LIVE Nov 12, 2009 02:00 PM ET

The State of PCI DSS Compliance at Organizations Today
Download this resource today!

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports

Receive the latest technology news and information.

	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10

View all newsletters

* E-mail Address:

* Industry:

* Job Title:

* Company Size:

* Country:

* State:

I would like to receive offers via e-mail from Computerworld partners.

Jaikumar Vijayan's Archive

IT Topics

Sponsored Links

Play NetApp's New Data Defense Game.

How Do You Rank as an Innovation Leader? Download Recent Study.

Play NetApp's New Data Defense Game.

Extraordinary times demand Brocade Extraordinary Networks.

No Payments for Up to 6 Months on Orders over $500.

NetScaler VPX : Harness the Power of Virtualized Web App Delivery

64-page prescriptive guide to security, compliance, and IT operations.

Streamline IT Costs. Boost Performance with WAN Optimization

Enterprise Network & Server Monitoring Software. Cross over to Traverse...

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

Crystal Reports Server: More options. Not more money.

Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval.

Tolly Performance Report "Citrix NetScaler with nCore Outperforms F5 BIG-IP"

Save up to 61% plus Free Cheesecake

Find IT jobs in the Healthcare industry on Dice.com

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

New DW Options and Price Points. View Teradata Platform Family Data Sheet.

See how AT&T can help protect your network.

3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010.

Take the Netezza TwinFin TestDrive!

Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More

New Analytical Platform Options. Download Data Sheet and More.

Get more enterprise mobility value for up to 25% less.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

NYUs M.S. in Management and Systems. Offered Online and On-site.

Increase UPS efficiency without sacrificing protection

Crystal Reports Server: Single server access to reports & dashboards

Create new opportunities. See business making progress now

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Looking to add Unix/Linux functionality to Windows?

Join the conversation about the hottest IT trends with Computerworld on Twitter.

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

Computerworld

CSO

DEMO

GamePro

Games.net

IDC

IDG

IDG Connect

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITwhitepapers

ITworld

JavaWorld

LinuxWorld

Macworld

Network World

PC World

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.

So, encrypt already

What People Are Saying

These folks need to read

Theres just no

Let's face it, the problem

On many corp laptops, the

Sure, there is on demand

There really isn't a "cost"

Compusec is FREE, even for

Related Posts

Today's Top Stories

Hot Posts

Recent Comments

White Papers & Webcasts

Computerworld Reports

Newsletters

Jaikumar Vijayan's Archive

IT Topics

Sponsored Links