Q

Risk prioritization: DLP for data loss or laptop full disk encryption?

With a limited IT security budget, it's often necessary to undergo risk prioritization and make difficult choices. In this expert response, Ernie Hayden discusses whether it's better to deploy a DLP tool for data loss or laptop full disk encryption.

I have a question about risk prioritization. We have executives with sensitive information on their laptops, and we also recently had an incident in which an employee was caught leaking data (he was subsequently fired). I'd like to deploy a DLP product to combat potential future data leaks as well as full disk encryption and remote wipe software on all our executives' laptops (a sizeable number), but can only get funding for one. Which would you recommend?

Great question and one that I can appreciate! There are many opinions on the risk prioritization and analysis debate, but I tend to side with the technology that will address the higher probability risk in the easiest manner. My choice would be full-disk encryption for all laptops across the organization.

My reasons for this are rather broad, but, in my experience with full disk encryption, it is a fairly robust and mature technology. Also, it is moderately transparent to the user, which means that there are few buttons or options the user needs to remember when running the machine. For comparison, my experience with data loss prevention (DLP) technologies is that they are more useful for protecting sensitive data in enterprise-wide email and other outgoing electronic messaging, but that would not necessarily address the laptop security problem.

In April 2009, Ponemon Institute issued a report called "Business Risk of a Lost Laptop." The report included the results from a Web survey of 3,100 information technology practitioners around the world, including the U.S., U.K., Germany and Brazil.

The report asked those surveyed at what locations employees commonly lose their laptops. The list, in general order from highest to lowest, was:

  • Hotel
  • Rental car
  • Conference or event
  • Airport
  • Home location
  • Taxi
  • Train or subway
  • Customer office

This list strikes me as interesting, because you probably have executives with their laptops at one or all of these locations during the week (and weekend). Hence, the risk of losing a laptop seems pretty high, which means full disk encryption may be the easier and quicker solution to a real, impending risk.

This was first published in February 2010
