No excuse for unencrypted laptops

Every year, more than 5,000 laptops are lost in taxis in London, New York, Chicago and other large cities. According to our research, in 2008, companies’ topmost security investment was laptop encryption. Laptop hard drives are getting bigger and now can hold hundreds of thousand to hundreds of millions of sensitive records.

One of a CSO’s top priorities is probably to keep your company off the front page of the news. Is it inexcusable to have laptops in the field with unencrypted hard drives? With such new open source solutions as TrueCrypt, there are few excuses left: All laptops must be fully encrypted.

Encryption technology is easy, but encryption solutions are hard. Key management and recovery make it difficult to manage large-scale encryption. Even low-cost encryption software for laptops can add up quite quickly if you deploy it on all laptops. Even if you can afford the cost of the software, however, you have to look at the complexity of the whole solutions.

TrueCrypt, an open source encryption solution now offers cross-platform (Windows, Mac, Linux), whole-disk encryption that is surprisingly easy to deploy and use. The software is slick, both in the initial installation and disk encryption and in its daily use. It’s unobtrusive, has no noticeable impact on performance and requires almost no user training. Furthermore, it is free to use and free to modify. Even the smallest companies now have few excuses for not deploying whole-drive laptop encryption.

As with any offering, the challenge is recovery from a disk failure or password loss. TrueCrypt will create rescue CDs that can be used to recover from corrupted data and boot blocks. In addition, the rescue CD can be protected with a master administrator pass-phrase that is independent from the user pass-phrase. So, users can change passwords and administrators can still recover disks without knowing the user pass-phrase. Rescue CDs can be carried by users (you still need the pass-phrase to use the rescue CD) and also stored in a central location (a fireproof, locked safe).

Although data can be salvaged from an unencrypted drive even after heavy corruption, encrypted disks can become irrevocably corrupted. I would recommend combining TrueCrypt with a good backup solution, preferably an online (over-the-network) backup solution so as to be protected from data loss.

For those not moving to Windows Vista (which has built-in whole-disk encryption), TrueCrypt offers a cost-effective, efficient and very secure solution. Encryption provides not only the most cost-effective “data leak” protection but also a safe haven from breach disclosure. No more excuses: If you’re not encrypting laptops, you are not applying due diligence.