It’s not very often that I run across an article where the author asks readers to encrypt desktop computers. But, the Chief Privacy and Information Risk Officer at UC Berkeley is doing exactly that in a post.
Short but Straight to the Point
Ms. Ann Geyer, CPO and CIO at University of California, Berkeley, has this blog post up and running at berkeley.edu.
Computer theft is one of the top three causes of data breaches
Desktop computers need to be secured physically (cable locks, office doors locked, etc)
Desktops need to be encrypted as well
These are cheap compared to lawsuits
There was a time when desktop computers were about three feet high, three-quarters of a foot wide, and weigh no less than twenty pounds. The chassis of the computer came with a built-in hole through which one could run a metal cable wire, to prevent the removal of the chassis (and hence securing the computer’s inner hardware) and to prevent the removal of the entire desktop.
Spring forward to 2012: desktops are quite rare. They are in use but they’re about as big as laptops. Heck, sometimes they’re even smaller and lighter than laptops because a desktop doesn’t have a built-in monitor to weight it down.
And yet, there are people who’d install encryption software on their laptops “because they’re portable” but don’t think of doing so for their desktop computers that happen to be just as portable. Why?
After all, data security focuses on, as the name indicates, the security of data. Desktop computers traditionally hold more data than laptop computers due to higher capacity hard drives. They are also traditionally used longer (implying your average desktop model will be much older than your laptop), again leading to more data being stored.
And yet, when most people hear “encryption,” they think of mobile devices such as laptops, netbook computers, external hard drives, and other devices designed to be portable. But data security is not about whether something is portable or not. As Geyer notes:
The more data that is stored on the computer, the greater the importance of physical security measures.
The part on “…the more data that is stored…the greater the importance” also applies to encryption. One could say this especially applies to encryption. Encryption is, for the lack of a better word, useless if there isn’t any data to be encrypted. At least with physical encryption, even if there’s no data to protect, you’re preventing the theft of equipment.
But, if there is data to protect…well, then, my friend, data encryption is what you want because any guy with a $25 cable cutter or hammer can get rid of physical security. Breaking strong encryption? It can’t be any guy, and $2500 will not quite cut it.
Related Articles and Sites: