Feds crawl toward encryption

Often it takes a high-profile disaster to get the wheels of government moving toward preventing a repeat.

Such appears to be the case with this year's infamous data-leak episode of millions of U.S. veterans' private information last May, which prompted the White House to issue a presidential mandate [PDF] requiring all agency mobile laptops and devices storing sensitive data to have fully encrypted hard drives.

Slowly but surely, the encryption-project ball is rolling, notes the Web site Full Disk Encryption: The government has posted RFPs (request for proposals), giving vendors a chance to line up and make their case for their respective encryption wares. "As with any other encryption product being used by Federal Government, the selected FDE product must have FIP 140-2 certification." (You can read the rest of the technical requirements here [Doc].)

Interested companies include Seagate, Mobile Armor, Pointsec, SafeNet, and Credant. According to Full Disk Encryption; the evaluation is expected to end in 90 days.

It will be interesting to see how much this encryption ends up costing, as well as just how effective it turns out to be. Hopefully it will help the Feds fare better than a D+ the next time its data security competence is assessed.

Meanwhile, perhaps more companies will follow the governments lead, given the rash of data leaks we've seen at corporations like Chevron, Boeing, Wells Fargo, Starbucks, and others over the past couple of years. If they're not sure where to start, they could check out InfoWorld's encryption special report from earlier this year.