Protecting data through encryption no longer means a huge, expensive project that becomes a headache for management and users. Today’s encryption products are smaller, easy to manage, and more transparent to end users than ever before.
Organizations use different types of encryption products for different purposes. At INTEGRIS Health, a chain of hospitals in Oklahoma, the IT security director was concerned that physicians were carrying around sensitive patient data on unsecured PDAs. After demonstrating just how easily this information could be compromised if a device were lost or stolen, he implemented an encryption solution that ensured that any PDA that tried to synch with a hospital desktop had the proper encryption product installed. If it didn’t, the desktop could push the software onto the PDA or deny it access to the network.
At DeKalb Medical Center in Georgia, the security team was concerned about protected health information being sent out in unencrypted e-mails. The center implemented a two-part solution. The first product could automatically identify the presence of any such information; the second was an encryption product that would encrypt such messages without any help from the user. Recipients of encrypted e-mails pick up their messages from the medical center’s secure server. Another encryption product secures large data transfers that need to occur among the center’s business partners.
In another example, Black Hat, which sets up annual conferences of IT security professionals around the world, installed a full disk encryption product on each of its laptops. During boot up, a user must plug in a USB token and enter the proper authentication information. Then, the computer boots up normally and without any noticeable latency. Full disk encryption also gives the director peace of mind that data is not tampered with or keyloggers installed.
Peter Piazza is an associate editor at Security Management.