Oops, I Spoke Too Soon
by Neil MacDonald | June 25, 2009
In my previous post, I talked about the need to encrypt all desktop and server direct attached storage for protection of the data over the lifecycle of the machine, including retirement. In this post, I made this statement in passing:
Most of us know by now that encryption of mobile laptops should be considered mandatory.
The same day I wrote this, I saw this story:
On Tuesday Cornell informed more than 45,000 current and former members of the University community that their sensitive personal information — including name and social security number — had been exposed when a University-owned laptop was stolen earlier this month.
and further down in the article:
The files on the computer containing the names and social security numbers were not encrypted and the laptop was left in a physically unsecure environment, which violates University policy, according to Simeon Moss ’73, director of Cornell University Press Relations.
I guess that there are a few of us out there that still have unencrypted laptops running around.
Don’t become headline fodder. If you haven’t already encrypted all laptops, this must be on your “to do” list to complete in 2009. Prices have more than halved in the past several years. If you are one of the few enterprises using Windows Vista and paying for software assurance, you get this for “free” with BitLocker. More importantly, Endpoint Protection Platform vendors such as McAfee, Sophos and Check Point also offer full drive encryption and will often aggressively bundle this in an endpoint protection deal at little or no cost.
There’s really no excuse for unencrypted laptops to still be an issue, and the attractiveness for theft makes this a higher priority than the fixed desktops and servers I talked about yesterday.