Why aren’t all business laptops encrypted?

gallery

Well-respected security experts have questioned why many companies still aren’t encrypting their laptops, even though the technology is now very easy to deploy.

At a security event held by Reuters and ENISA in London today, BT chief security technology officer Bruce Schneier said that it had now got to the point where, with “zero effort”, all businesses could completely solve the problem of the lost laptop.

He said of encryption tools: “If you don’t use them, you should download them. TrueCrypt is a free one, PGP disk is cheap, BitLocker comes with your Vista computer if you have one."

He added: “They’re trivial, they have no latency – you won’t even notice the slowdown. They all link in to your Windows log-in – you won’t have to type a second key in.”

Schneier said the fact that every business wasn’t doing this “amazed” him, because the technology was so clean and easy to use.

“Especially if you’re travelling overseas,” Schneier added. “You just do it. It solves the problem.”

Schneier also rejected the corporate argument that although the technology has been available for a long time, it was difficult to apply the technology across a broad number of platforms and business units.

“It’s largely imaginary,” Schneier claimed. “Encrypt your laptop. Type a key in, and a laptop’s encrypted. Have the guy write the key down and give it to the security officer. This stuff is easy.”

Howard Schmidt, president of the Information Security Forum (ISF) agreed, saying that today’s technology made encryption very simple. He said it simply boiled down to companies making excuses as a reason not to do it, rather than pushing it as the right thing to do.

"Same thing goes with sender ID and mail," he said. "We could make a really big dent in spam just by implementing some of the mail technologies that are out there.”

Email to a friend

Print this page