“The Bush Administration is giving federal civilian agencies just 45 days to comply with new recommendations for laptop encryption and two-factor authentication.” – http://www.securityfocus.com/brief/239
45 days. Man, I hope they’ve already started, because 45 days to analyse the field, pick a vendor, test proof of concept, agree on licences, buy the software, deploy a pilot, train staff, and roll out to everyone without making day one into a mass “hey, guys, I forgot my password, can you decrypt me?” phone-tag game – wow, that’s tight.
Like I say, I hope they’ve already started – and quite frankly, I already hoped they’d already started, because to not do so… that’s crazy.
Of course, the other tack to take – at the same time, I hope, is to stop storing the damn data on the portable devices. Wherever possible, those laptops (and other portable data storage devices, let’s not forget thumb drives) need to have nothing more damning on them than a copy of Windows (or, I don’t know, Fisher Price’s “My Little Sony”, whatever you other people use), and the VPN client to connect back to the home base. Sure, sometimes, you have to carry data around with you, but good luck getting approval to do so, or avoiding a tongue-lashing if you’re found to have that data on your laptop without significant reason to do so.