Company deploys PGP whole disk encryption to prevent data leakage

Gambling company William Hill tightens up its data handling security strategy to prevent data loss and leakage by deploying PGP whole disk encryption to develop a centrally managed platform for laptops.

The data encryption industry continues to benefit from the recent rash of data breaches, and the tightening of regulations to prevent further data leakages.

We want just one, central management server that can control all encryption applications, rather than lots of dispersed, siloed environments.
Nick Copley,
information security managerWilliam Hill

The latest big company to beef up its data handling is the gambling company William Hill, which has just begun a rollout of technology from PGP that will eventually cover its entire estate of 15,000 machines.

The initial work has focused on bringing its laptop computers under central control, with whole disk encryption and key management handled from a single management platform.

William Hill has been using a PC-based encryption product (the company prefers not to say which) for the last four years to encrypt data on its laptops. But like many early encryption products, it had a noticeable impact on system performance, and could not be managed centrally.

Brits lose their fear of encryption – slowly: A survey of nearly 650 UK-based IT and business managers, analysts and executives, found that the use of encryption to comply with regulations had gone up from 17% in 2007 to 58%.

Considerations for encryption and compliance: It's often thought that a wide-ranging encryption implementation can prevent data loss and satisfy compliance mandates. Reality, of course, is more complex.

Seagate pushes hard drive encryption to the data center: Seagate wants to extend full disk encryption to hardware, but is the enterprise read

The company has now switched to PGP's Universal Server and Whole Disk Encryption products in order to create a platform that can be managed centrally, and that will also allow encryption to be deployed more widely throughout the organisation.

The project is being carried out by Gradian Systems, a PGP Silver Partner. According to Gradian's managing director Damian Acklam, in the initial phase of the changeover, more than 200 laptops using the old technology had to be physically returned in order to have their files decrypted and then re-encrypted under the PGP system.

By contrast, new deployments will work more easily. Universal Server integrates with Microsoft Active Directory and will allow remote deployment of encryption as new laptops are added. The whole disk encryption also operates automatically in the background, and requires no user training. Users who lose their keys will be able to regain access to their machines by calling a helpdesk and by using a pre-agreed secret one-time pass-phrase.

Working in a heavily controlled industry, and holding large amounts of money on behalf of clients, William Hill is subject to a whole range of regulations which make encryption necessary. It is a Tier-1 PCI vendor and therefore has to meet Payment Card Industry Data Security Standard requirements. It also has to comply with the UK Gambling Commission Remote Technical Standards, which were developed in line with the ISO 27001 standard.

In a written statement, William Hill's information security manager Nick Copley said: "We want just one, central management server that can control all encryption applications, rather than lots of dispersed, siloed environments. With the PGP Encryption Platform we get whole disk encryption, and can utilise the benefits of the PGP encryption in other information areas in a holistic, single-vendor platform approach."

The gambling industry is proving a fertile market for PGP, which also has Gala Coral as a customer. PGP also announced last week that Barclays Bank had adopted the PGP Encryption Platform across its worldwide retail and commercial banking operations.

Read more on Endpoint security