« NHS Trust lost diary with personal data | Main | Don't forget to review the security of third party vendors »

Laptop Encryption: implement as standard?

Is it still necessary to have to make a case to implement encryption on laptop computers or should we, by now, simply consider it to be normal practice? Seems like a question with a pretty obvious answer but clearly not because organisations such as the Ministry of Justice - as reported here in Computer Weekly - are still losing laptops containing unencrypted sensitive data. In this instance it is the names, dates of birth, addresses and offence details of 14,000 fine defaulters.

Is it the case that encryption shouldn't so much be mandatory as standard? It would be good to think that if my company issued a laptop that didn't come with encryption software installed, switched on and with appropriate training provided then the recipient would come to me and complain. Of course they don't. Instead they will pull a face suggesting that poison is being injected into their veins.

If you don't have sensitive data on laptops then you don't need to use encryption. Right? Research performed within my own organisation demonstrates that you cannot always predict which users will have sensitive data. To muddy the waters further there are differing perceptions on what sensitive data is. 

There's little joy to be had in spending company profits on laptop encryption, but I don't think it's up for debate anymore.  

Posted by Stuart King on August 20, 2008 6:09 AM
| View blog reactions

TrackBack

TrackBack URL for this entry:
http://www.computerweekly.com/cgi-bin/mt/mt-tb.cgi/33565

Comments (2)

Mark Woollatt:

Maybe if MS included bitlocker across the vista range then companies would not have to fork out for the "Ultimate Edition"....Quite why it is not included in the "Business Edition" is completely beyond me.

Posted by Mark Woollatt | August 20, 2008 10:58 AM

Posted on August 20, 2008 10:58

Duncan:

Why bother going for high end personal computing? Go down the commodity, throw away route with a thin client type solution and a technical policy that doesn't allow residual data to remain on your commodity laptop. The laptop just becomes a secure conduit, rather than a storage solution, and corporate data stays on the corporate servers. With ubiquitous wireless connectivity this is becoming a practical reality.

Posted by Duncan | August 21, 2008 11:46 AM

Posted on August 21, 2008 11:46

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About

This page contains a single entry from the blog posted on August 20, 2008 6:09 AM.

The previous post in this blog was NHS Trust lost diary with personal data.

The next post in this blog is Don't forget to review the security of third party vendors.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type Enterprise 4.1-en