Firms take steps to head off encryption dangers

Enterprises are fearful that the growing call to encrypt all stored data raises the danger of a lost password or damaged drive burying important information forever

The growing call to encrypt stored data is raising questions among users and analysts fearful that a lost password or damaged drive could bury important information forever.

Some industry observers believe that a new Trusted Computing Group (TCG) standard, released last month, could lead all hard disk and solid-state drive makers to add encryption capabilities to most products within five years. Most of the top storage vendors are members of the TCG.

[ Encrypting a drive or a file system is easy; the trick is managing the process across the enterprise | Get the latest on storage developments with InfoWorld's Storage Adviser blog and Storage Report newsletter. ]

Corporate IT managers acknowledge the potential problems but say that steps can be taken to overcome them.

For example, AdaptaSoft, a maker of payroll systems software, requires workers to store critical data on the company's network drive rather than on laptops with encrypted hard disk drives, said CIO David Virkler.

AdaptaSoft installed Seagate's self-encrypting, 2.5-inch Momentus 5400.2 drives on its Dell laptops in October 2007 to better protect customers' financial data.

Virkler also noted that implementing a group policy eased what could have been a "painful" rollout of the drives.

Ken Waring, IT director at Toronto-based CBI Health, said that despite the potential for problems, encrypting data "is still a million times better than having nothing."

The company, which operates 135 health care facilities throughout Canada, must do all it can to protect sensitive patient information, he said.

Today, 90 of CBI Health's 200 laptops use Seagate Momentus drives with native full-disk encryption, and the rest will be on a regular product-upgrade schedule.

Dave Hill, an analyst at Mesabi Group, said that well-managed, full-disk encryption ensures that lost or stolen data can't be accessed and that companies are in compliance with most state data-breach notification laws.

This version of the story originally appeared in Computerworld's print edition. Computerworld is an InfoWorld affiliate.

This story, "Firms take steps to head off encryption dangers" was originally published by Computerworld.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies