Chances are you’ve heard news stories about lost or stolen laptops that containing volumes of employee or customer social security numbers, credit card numbers, and other personal information. The actions taken against employees or consultants that put sensitive data at risk in this way range from disciplinary action to criminal / civil penalties. Needless to say, no one wants to be the guy (or gal) who loses a laptop chock-full of sensitive customer or corporate information. But what are organizations doing about this problem?
Some organizations are going to full-disk encryption of laptop and tablet PC’s (full-disk encryption means that everything, usually minus some bootstrap program, on the hard drive gets encrypted–not just selected data files). With full-disk encryption, if your tablet PC or UMPC is lost or stolen, you don’t have to worry about unauthorized individuals getting access to your sensitive data (unless you leave the encryption password on a yellow sticky note attached to the computer). The U.S. Department of Defense, for one, is starting to deploy full-disk encryption on some of its laptops to minimize the risk of defense or military personal information falling into the wrong hands.
What practical issues should you consider before installing a full-disk encryption on your tablet PC or UMPC? Here are a few things you’ll want to consider:
- Strength of encryption: don’t trust proprietary encryption schemes that claim to be a "breakthrough" discover in cryptography–go with a proven encryption algorithm like AES, Twofish, or Triple DES.
- Ease of use: things that are hard to use don’t get used. Make sure the product you choose is easy or transparent to use (best bet is to get a trial version of the product or read an extensive review).
- Key/password recovery: what happens when you forget your super-secret encryption password? Make sure any product you buy has a mechanism for a properly identified owner to un-encrypt protected information in case of emergency.
Is full-disk encryption a little too scary for you? Maybe you’d consider an encrypted external drive or thumb drive. An example of an external storage device that supports encryption is reviewed here. Notice the review zeroes in pretty quickly on the ease of use, which is apparently lacking on this product. On the other hand, the integrated fingerprint reader is a plus in my book since it would make it much harder to forget that all-important encryption password. Another product shown in an advertisement on that same page is a USB thumb drive with strong (256-bit AES) encryption. A review of this product is a little more favorable than the LaCie mobile USB hard drive.
One final consideration…before buying any encryption product, make sure you understand what encryption protects you from and what it doesn’t. These encryption products are designed to secure your data from unauthorized access once you’ve locked them or shut your system down. Encryption will not protect your tablet PC or UMPC from viruses, active network hacker attacks, or nasty programs like keystroke loggers. Disk encryption is like a safe in your house; if you forget to lock it, the contents are not protected. If forget the combo, the contents are protected forever (even from you).
Are you using encryption to protect your sensitive mobile data? I’d like to hear what you’re using and what encryption war stories you have.