This article can also be found in the Premium Editorial Download "Information Security magazine: CISO survival guide: 18 of the best security tips."
During its pilot, GWU emphasized communication. "I personally called the head of each department before we started," says Kim. Just two problems were encountered and both were aborted without data loss, instilling the confidence required for a larger rollout. The pilot also produced a process. "We found that encryption can take two to eight hours," says Kim. "Now we work with departments to pick a time that doesn't impact their business."
Indeed, everyone interviewed identified people rather than technology as the most essential ingredient.
"Securing data is one thing; retaining the inherent usability of a device is another," says Credant's Stone. "You can't require users to change the way that they work. Don't require the IT organization to change the way that they work either."
According to Watzinger, about 35 percent of SafeBoot's customers use both full disk and file/folder encryption on the same laptop. "When you have an outsourcer administering the CEO's laptop, you need to give him access but stop him from seeing sensitive data," he says.
"After standardizing devices, the biggest thing is having executive management support on who gets encrypted and why, so that you're not fighting that on a daily basis," recommends Marti.
"We put some weight around our laptop protection by making policies heavier," says Clarke American Checks' Means. "Now, if theft is due to negligence, it could cost you your job. One guy
The Real Cost: Laptop encryption is expensive. Data breaches are a lot more expensive. Encrypt now, starting with high-risk users.
Follow the Money: SOA shifts the security landscape from the infrastructure to business initiatives. Put your security budget where the business is investing its money. You will be a business champion and get management's ear at budget time.
Security is Security: Out of sight, out of mind? Virtual servers don't secure themselves, nor is it enough to secure the host. Apply best practices for physical server security with heightened awareness of the dynamic nature of virtualization.
On the Line: Prepare now for attacks on your IP-PBX, even if we're not seeing them yet. Don't wait for the bad guys to start DoS-ing your IP telephony infrastructure.
This was first published in July 2007