|
2. LAPTOP AND MOBILE DATA ENCRYPTION
CIOs and their staffs at more than 6,000 organizations are implementing or evaluating solutions to encrypt the data on their laptops. They are doing this because their chief executive officers have told them to make sure they are protected from having sensitive data lost or stolen. They are not just trying to protect the information--the CEOs' own reputations are on the line. They want laptops encrypted, now.
At last September's SANS Laptop Encryption Summit, 18 organizations with experience implementing enterprise-wide laptop encryption shared the lessons they learned with 220 organizations that were evaluating encryption tools and planning for laptop encryption deployment. Among the highlights:
- Organizations that acquired enterprise laptop encryption discovered that at least two vendors provided misleading responses to the request for proposals. The vendors provide "bottom line prices that do not include all the required elements," users said.
- Organizations have found that using versions of several common third-party utilities and functions in Windows will make the encrypted data unreadable and unrecoverable. Exam-ples include Symantec Ghost and Windows Safe Boot.
- Data loss also occurs because users who implement encryption try to take shortcuts. Some do not back up their data, and others skip the disk cleaning that most encryption vendors strongly recommend prior to encrypting a disk.
- Most organizations choose full-disk encryption rather than file encryption. With user-controlled file encryption, the organization has no confidence that all sensitive information was encrypted on a lost or stolen laptop. That uncertainty exposes the organization to liability to disclose the loss of data under state breach disclosure laws.
- Onboard hardware encryption is already being delivered by disk drive manufacturers and will be available from laptop vendors midyear. Hardware encryption users report that the technology removes most of the pain involved in deployment and management of laptop encryption, albeit at a higher price than software encryption.
- Windows encryption functions built into Vista provide most of the benefits provided by third-party encryption tools. However, one critical function--enterprise management of the encryption process--is not yet available from Microsoft, so the third-party solutions continue to ...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
be worth the investment.
- Among the most important features in laptop encryption are the need for the process to be automatic and safely reversible for users, and the need for bulletproof key recovery.
[IMAGE]
Where are security pros planning to add substantial investments in the next year? Standby technologies like firewalls and IDS still command resources, while the need for skills development emerges as a priority.
|
 |
|
