Massive Data Encryption Test
Federal Computer Week is reporting that the US Army is starting a pilot program to encrypt all data on all mobile devices. But that’s not all:
In the coming weeks, the secretary of the Army will release a new policy on data encryption mandating that each Army laptop PC be designated and clearly tagged as travel or stationary. All travel computers must use commercially available encryption software until an enterprisewide tool is chosen. . . .
The Good News: They Can’t Read The Data. The Bad News: Neither Can We.
Both Windows XP and Mac OS X have encryption options: XP has Encrypting File System; OS X has FileVault. I’m not familiar with the details of EFS, but FileVault is pretty secure - if you lose your password it is all over - you’ve got to wipe all your data. Which is one of the reasons I’ve never used it. Nor have most XP and OS X users. When we think of all the stupid and embarrassing reasons one can lose all data, forgetting the password has to be near the top of the list.
Apple’s FileVault has a Master Password option that will unlock any FileVault account, so a wily admin can set up a way to save forgetful users.
Yet this whole effort is back to relying on passwords, which are usually hackable, to secure data. Not to mention the organizational angst required to manage tens of thousands of passwords. It seems to be a choice among several sub-optimal solutions.
Go Army!
Despite the issues I applaud the Army for mandating encryption. There is nothing like a massive customer spending money to get ingenious people working on better solutions. A large scale test of those solutions will shake out the bugs faster than any beta program. With the Army’s action perhaps we will see more secure and usable encryption options on the market sooner rather than later.
on August 29th, 2006 at 12:58 pm
Robin,
Storage Markets is running two related questions on encryption. One suggests that at least two of the top five storage vendors will have deployed a ‘data at rest’ encryption feature after 2007, but most likely before 2010. Said differently, 2008 or 2009 are neck and neck as the most likely release times for this feature.
The other question asks which implementation will be most popular in 2008, and it looks like encryption in storage systems is the clear leader. HBA is not going to be a popular implentation style according to trading behavior.
Of course, if you (or your readers) disagree, this is a free market for storage industry professionals, so feel free to join the fun at http://www.storagemarkets.com.
Rich
on October 5th, 2006 at 10:56 pm
I personally think everyone should use data encryption. I had a laptop stolen once and the data wasn’t encrypted. Trust me, I learned my lesson. I’ve been using Digital Vault by Stompsoft (www.stompsoft.com) ever since then. I can’t guarantee I won’t have another laptop stolen, but at least I won’t have some creep out there with my personal information if it does happen.
on October 6th, 2006 at 7:45 am
Note on the prior comment. The writer appears to work for a firm that had Stompsoft as a client. Make of it what you will.
Robin