June 02, 2006
When will companies learn to encrypt all portable computers and media by default?
How many millions of lost and stolen records will it take before encryption is turned on by default for all portable computers and media?
EFS is free on Windows. Linux and Unix have open source TrueCrypt. And there are dozens of great commercial solutions. There is no excuse for any professional organization, least of all auditors, to have portable data unencrypted. It's negligence.
Sadly, a few judges have ruled that many of our national guidelines for protecting data stored at private companies don't absolutely require encryption to be used. The guidelines often say that "...customer data needs to be adequately protected...", but don't require encryption.
I say when your plaintext data is stolen or lost, it shows the data was not adequately protected!
Does someone have to steal and use all of Congress's personal data for there to be serious data protection laws (instead of all the pointless hearings and counterproductive, competing, watered-down legislation)?
Posted by Roger Grimes on June 2, 2006 04:03 PM







