In my previous post, I talked about the need to encrypt all desktop and server direct attached storage for protection of the data over the lifecycle of the machine, including retirement. In this post, I made this statement in passing:
Most of us know by now that encryption of mobile laptops should be considered mandatory.
The same day I wrote this, I saw this story:
On Tuesday Cornell informed more than 45,000 current and former members of the University community that their sensitive personal information — including name and social security number — had been exposed when a University-owned laptop was stolen earlier this month.
and further down in the article
The files on the computer containing the names and social security numbers were not encrypted and the laptop was left in a physically unsecure environment, which violates University policy, according to Simeon Moss ‘73, director of Cornell University Press Relations
I guess that there are a few of us out there that still have unencrypted laptops running around.
Don’t become headline fodder. If you haven’t already encrypted all laptops, this must be on your “to do” list to complete in 2009. Prices have more than halved in the past several years. If you are are one of the few enterprises using Windows Vista and paying for software assurance, you get this for “free” with BitLocker. More importantly, Endpoint Protection Platform vendors such as McAfee, Sophos and Check Point also offer full drive encryption and will often aggressively bundle this in an endpoint protection deal at little or no cost.
There’s really no excuse for unencrypted laptops to still be an issue and the attractiveness for theft makes this a higher priority than fixed desktops and servers I talked about yesterday.
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment