When will people learn to scramble laptop data?

by | Jan/7/2009

Once again, I have met a new client that suffered a data breach because they lost a laptop. The news is filled with examples of this kind of incident. First of all, why are customer names, Social Security numbers, addresses, and phone numbers allowed to be stored on computers? Frequently it happens without the company’s knowledge.

The simple solution? Have your IT professionals use full disk encryption on all laptops, and then on the desktops as well. This means the data on the device stays scrambled until the user enters their normal login. The setup is simple, the computer remains fast, and the user needs no additional training.

If your IT department isn’t setting up full disk encryption for all computers yet, ask them to start today.


  1. Ben Alfonsi

    Hi Mike,

    We are investigating laptop data encryption at our University. We’ve looked at Dell/Credant, WinMagic, Symantec, and every variety of FDE, file/folder combination out there. Can you point me in the right direction for more concise due diligence information?
    Thanks, Ben A.

    • Mike Foster

      Hi Ben, with all of your research, it is easy to see that you want to do this “right” from the very beginning.

      There may be one, and I don’t know of any unbiased concise due diligence source of information. Here is information that may help you based on what I’ve encountered while working with our customers.

      Most of the vendors will allow you to perform trials of their solutions in a “try before you buy” agreement. Do it. Find out what you like best. I didn’t see BitLocker or TrueCrypt in your list and you’ve probably explored those options as well.

      The best solution, as you know, will be one that allows you and your team to centrally manage the encryption on all of the devices without having to visit each individual laptop.

      As you know, this whole project, especially the management of the systems, will be much more complicated if the university wants you to support a “bring your own device – BYOD” situation rather than all of the laptops being purchased and owned by the University.

      The specific operating systems on each device will influence your decision, as will any encryption capabilities that are present in the hardware, such as that provided by Intel.

      What I really want you to explore is using WORKSTATION virtualization such as Microsoft RDS (aka Server 2008R2 Terminal Services), Citrix Xen, and VMware’s products. When configured accordingly, you could prevent any sensitive data from ever being stored on the laptop to begin with. Perhaps you can eliminate the need for drive encryption. Workstation virtualization solves so many other problems – even when the users are using their own devices – in so many areas of security. Think about security, patch management, sandboxing, two-factor authentication, centralized backup, application control, high availability, centralized control of servers, managed user experiences, and on and on.

      Please keep us posted on your progress and post any other questions you have.

