I happened upon a Yale Daily News story that shows why encryption software for desktops might be a good idea. It’s common knowledge that laptop computers should be encrypted if sensitive data is stored in them; however, the same is not pointed out for desktop computers. Why not?
Rash of Thefts at Yale
Davenport College (one of the 12 dorms at Yale) has seen a string of thefts since September. It began on September 15 when three Macbooks were stolen from the library. Nine days later, an iMac desktop computer was stolen:
Nine days later [after the laptops were stolen], an iMac desktop computer was ripped away from its base in the Davenport computer cluster between 2:30 a.m. and 5:30 a.m. [ yaledailynews.com]
A total of nine computers were stolen since September at Yale University.
The theft of computers from college campuses is nothing new, of course. However, it’s quite unusual to hear about a desktop computer being stolen by ripping it from its base. When commonsense dictates that computers are stolen for resale — and that damaged goods are usually can’t be resold easily — it’s even more surprising.
Desktop Computers Need Encryption, Too
The theft of the desktop computer is illustrative of why computers other than laptops require encryption software. Of course, I doubt that any data of value was stored in the stolen iMac. At least, I certainly hope not: it appears to have been a communal computer. Full disk encryption would have been less than ideal* for this particular computer.
We should reflect, though, on the fact that desktop computers can be easily stolen, just like a laptop computer. So why are people quick to emphasize the need for data security tools like encryption on laptops but not on desktop computers?
Data is data is data (is Dadaism). It doesn’t matter in what shape or form it’s stored in. Be it a laptop, desktop, netbook, USB drive, or even a ream of paper documents, if it’s sensitive, it needs to be secured.
The stolen iMac was fixed by its base. That’s one form of security (physical security). And under that particular computer’s circumstances, it was more than adequate, assuming sensitive data was not stored on it. But, desktop computers can be stolen. They are stolen. If sensitive data is stored in them, they must be encrypted.
* Why wouldn’t it have been ideal? The purpose of encryption software is data security. If we focus on data security, it stands to reason that every user should have his or her own username and password (as opposed to everyone sharing the same username and password). Assigning everyone a username can be complex, not to mention that it involves “maintenance work” in resetting forgotten passwords, disabling old users, etc. This is a lot of work for securing computers that are unlikely to hold sensitive data.
Related Articles and Sites: