|
With the vast amount of sensitive data now being stored on laptop computers, government agencies risk costly litigation and public relations nightmares when even one notebook goes missing. Information Technology (IT) professionals in the public sector must accurately track computers and be able to prove that every action has been taken to secure personal information and sensitive data until a lost or stolen computer can be located.
The U.S. Federal Office of Management & Budget (OMB) will soon require all mobile and remote workers to use encryption to protect data stored on computers [3], but it is important to stress that encrypted data is not necessarily secure data. Gartner Group estimates that 70% of corporate computer crime in North America occurs as a result of “inside jobs” [4]. Because employees committing such crimes usually have in their possession the necessary passwords and encryption keys, encryption may only be effective in 30% of all incidents.
Single point security solutions cannot adequately protect government agencies from all points of attack. Instead, a multifaceted or layered approach to mobile security and data protection is required, comprising “CPR”: Compliance, Protection and Recovery:
- Compliance – Adherence to all applicable mobile data protection regulations, with an easily accessible audit trail
- Protection – Protecting data on mobile computers includes encryption, strong authentication and the ability to remotely delete sensitive data on stolen devices
- Recovery – Recovery of lost or stolen devices returns them to the control of the organization and facilitates prosecution.
By adopting the CPR approach to laptop security, government agencies can minimize the impact of computer theft, while complying with privacy regulations.
Computrace® notebook security and tracking software products help ensure regulatory compliance by protecting data, tracking hardware and users, providing auditing capabilities and acting as a historical record of computer assets and their use. An optional Data Delete function can also be used to remotely wipe stolen computers using a Department of Defense-approved algorithm.
The Computer Security and Tracking Challenge for Government
Laptop usage in the public sector continues to rise – in some cases, administrators have thousands of remote PCs to manage. Sensitive or even classified information residing on laptops increases with greater mobility among government employees. Even states and agencies that have been early adopters of technology have been slow to find and implement effective asset tracking methodologies that can help them keep pace with growing security threats while protecting critical operations and PC assets.
IT professionals must be able to accurately track their computers, know who is using them and what is installed on them, and be able to prove that actions taken to secure computers remain deployed and intact until a missing machine can be located. Security audits and evaluations of IT systems are on the rise; in fact, for federal agencies, an annual audit is now mandated by Congress [5]. Assets that cannot be effectively inventoried and monitored at all times – not just once a year – can undermine even the best security strategies, exposing an entire government department. It is no coincidence, then, that enhanced computer security for federal agencies and state and local jurisdictions is one of a number of key initiatives recently announced by the O.M.B.
A Changing IT Landscape
Several factors have dictated the need for a more robust approach to public sector security policies in recent years, including:
- Increased use – and theft – of notebook computers
- Intense focus on data privacy and data security concerns
- Regulatory compliance mandated by recent legislation
Keeping pace with the changing IT landscape requires a layered approach comprised of products, policies and procedures working in concert to provide IT professionals everywhere – in the public sector, private sector or education – with the broadest security blanket available.
The Layered Approach
Single point solutions – such as encryption alone – are no longer enough to adequately protect an enterprise from all points of attack. IT departments getting by with minimal compliance protection expose themselves to unnecessary risks and potential liability. To reduce exposure and ensure full compliance with government regulations, a multifaceted or layered approach to mobile security and data protection is recommended, comprising Compliance, Protection and Recovery.
|