Mobile Data Security Solution: Full Disk Encryption
Posted on Fri, Jul 16, 2010 @ 01:48 PM
Years ago, mobile computers were the exception in most businesses. They were overpriced and under-powered, and you had to meet very special requirements — such as spending a high percentage of your time on the road — to have one. Instead, most business data was stored on desktop machines that remained in the building at all times and were protected behind multiple layers of security such as:
- Network Firewalls
- Network DMZ
- The walls of the building
- The physical security system of the building
- The security guards
- The security gates
Each of the above layers represents an obstacle that must be overcome to access the data held on your business’s on-site computers and network. If the network is properly tightened and hardened and your physical security is what it should be, then you have a fighting chance to keep your data secure. With this kind of security, you know what lines you need to defend — the doors need to be locked, the windows need to be shut, and ports need to be secured and/or closed.
What I mean to say by all of this is that the battle lines are obvious and defensible. But what happens when someone can pick up a computer and take it outside of these layers of protection? What happens when all of this inherent security can no longer effectively protect your company’s information? What happens when the battle lines get blurry?
The Mobile Workforce
In the third quarter of 2008, laptops shipping from manufacturers surpassed desktops for the first time in the history of the industry. The workforce is becoming mobile and it doesn’t seem to be trending in any other direction. If this is the future of our workplace environment, why and how do we deal with the inherent problem of securing the data on these mobile computers?
The “why” question is easy to answer: It is the obligation of every business to protect the private information of its customers. This holds true for every industry and every sector. Everybody has heard of HIPAA, Sarbanes-Oxley and GLBA. However, most people don’t know that as of December 2008, forty-four states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
This means that in most of the United States, if a suspected data breach occurs it must be reported. This makes mobile computers without full disk encryption high-risk assets. For example, an incident reported by the Department of Veterans Affairs in 2006 involving the personal information of 26.5 million veterans had an estimated cost of 1.59 billion dollars to remediate. How much do you think a good full disk encryption solution would have cost them? This isn’t just an issue in the United States either — in the United Kingdom, for example, they have the Data Protection Act of 1998.

As far as the “how” is concerned: For businesses using mobile devices, full disk encryption is a security practice that should be implemented. Full disk encryption is the process by which your entire hard drive is run through an encryption process. Once complete, the hard drive is unreadable without the proper decryption keys. When the proper decryption keys are presented, only the data that is needed at the time is decrypted and presented to the user, thus keeping the process of accessing data fast and reliable while increasing security exponentially.
It has become quite evident that mobile computers are here to stay and the task of properly securing those computers should be directive number one. The first step in a proper mobile data security plan should be full disk encryption. Though it is not the only security measure to be taken, it certainly is the top priority for most organizations. It is the only way to ensure not only peace of mind, but also full compliance with all necessary regulatory bodies. Full disk encryption is the first line of defense for your data because it protects your data during the times you are not directly engaged with your mobile computer. These are the times loss and theft are more likely to occur.
Full disk encryption is not the only mobile data security technology that should be considered. There are technologies like personal software firewalls, file-level encryption for highly sensitive data and GPS-based asset tracking systems, but they all address point problems. The most secure systems must have a strong foundation and that foundation is full disk encryption.
For more information on the reality of data breaches visit: http://datalossdb.org/
Jason Dell is a Converged Network Solution Consultant at MCPc, and is responsible for developing and programming custom solutions for clients. His expertise includes network security and security for mobile devices in the enterprise.