According to a report by the Inspector General for the Department of State, half of the laptops issued at the State Department are not encrypted, and eight percent of them cannot be accounted for. More problematic is that the State Department had issued its own mandate to have all of their laptops secured with laptop encryption software–a mandate that was to be reached by July 1, 2008.
A Dismal Situation
A study run on a sample of 334 laptops revealed that 27 laptops were missing (8%), and that 172 of them were not encrypted. Included in the unencrypted group were 14 classified laptops, of which 9 were labeled as “secret.”
It has been pointed out by the inspector it’s not possible to tell whether the missing 27 laptops were protected via hard disk encryption or not, since there is no system in place to track which computers were protected. Officials, of course, assure that there was no sensitive information on these missing computers. Problem is, there is no way to prove it. There is also no way to disprove it.
Too Many Computers To Be Tracked?
Usually, people create mandates that are, in their opinion, achievable. And, even if the initial objectives are not reached, they tend to have progressed quite a bit in achieving their goals.
So, it’s very telling–although I’m not sure of what–that only half of the machines that are accounted for have been encrypted an entire year past the original deadline.
Why does the State Department have such difficulties? Did they just give up once the deadline was reached and failed to meet their objectives?
My guess is that they’ve got way too many computers, and they’re plodding in their efforts. I’ve been trying to find some employment figures for the department, and the only one I’ve found is from Wikipedia, claiming 30,266 employees in 2004. Assuming that figure has remained static, and that only half of them have been issued laptops (highly doubtful), that’s over 15,000 laptops that have to be encrypted.
That’s a lot of laptops.
Centrally Managed Encryption Necessary?
Keeping track of 15,000 of anything is going to be incredibly hard. Managing encryption keys could well be nothing short of impossible.
An encryption solution like AlertBoot endpoint security systems could offer a solution to companies and organizations in a similar bind.
Centralized Encryption Management System: AlertBoot acts as a central hub for controlling the encryption status of machines. You can control whether a machine should be encrypted or decrypted; follow up and send e-mails to those users who haven’t encrypted their machines; and even recover users’ access to their computers if they forget their usernames or passwords or both.
Auditing Reports: Powerful reports are included in AlertBoot, including those for keeping track of computers’ encryption status; finding when a user last synched their machine with the central console; and logging computer access attempts, just to name a few. If a computer gets lost, it’d be very easy to tell whether it was protected or not.
Encryption Over The Internet: AlertBoot uses the capacity of the internet to distribute the encryption software. The enduser of the laptop can simply download the small program while connected to the internet, and with some simple clicks, get their machine encrypted. This distributed installation model means IT personnel need not visit computers personally to install encryption software.
Especially useful if an organization’s computer footprint is widespread.
Related Articles and Sites: