in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption Software: Auditors Slam USCIS For Lack Of Laptop Encryption

Do you know why solutions like managed laptop encryption software such as AlertBoot are better than some standalone ones?  Among many reasons, it's because the encryption cannot be overridden by anyone but the administrator.  It has to be done from a central console.

This ensures, among other things, that a laptop stays encrypted once it is encrypted.  Why would anyone try to disable encryption?  For one, it might interfere with training.

USCIS Parades Around Unencrypted Laptop for Training Purposes, Thinks It's OK.  Not!

The Department of Homeland Security (DHS) Office of Inspector General (OIG) finds in a report that the U.S. Citizenship and Immigration Services (USCIS) department has problems when it comes to the security of its laptop assets.  The report found that:

  • 2.79% of randomly selected laptops showed discrepancies in its name (asset management system vs. configuration management tool).  This affected Windows updates
  • 6.27% of laptops had a nonstandard computer name
  • 6.5% of laptops did not use the latest service pack of it operating system
  • 8% of laptops did not use the latest version of its encryption software
  • 4.5% of laptops did not use encryption at all, or had it disabled

Regarding the last two points, USCIS noted that,

there were two situations where, by design, the standard USCIS encryption software was not active on the laptops: laptops used for classified processing and laptops used for training. USCIS staff noted that classified laptops do not use the standard encryption software, but rather the laptops used for classified processing conform to the rules of the classified system. When encryption software was running on training laptops, if a user rebooted, someone would need to be called to log in past encryption before the class could continue. According to USCIS staff, the training laptops do not need to be encrypted because they do not leave DHS facilities. [OIG report, OIG-12-83, May 2012]

The OIG answers in the same report that,

According to Directive 4300A, Information stored on any laptop computer or other mobile computing device that may be used in a residence or on travel shall use encryption.…

Laptop computers that are not running the most recent encryption software might not be adequately protecting the security and privacy of USCIS data, potentially putting data confidentiality, integrity, and availability at risk.

In other words -- as fiercegovernmentit.com noted -- there are no exceptions for instances where training gets slowed down because of reboots.

It's because of questionable judgments like these that allowing laptops to be decrypted by the user should not be allowed.

Have They Not Heard of Break Ins?

There are myriad reasons why a laptop used in a secure environment should be and stay encrypted.  Reasons include theft and your spontaneous cases of laptopwentamissingitis, the condition where a laptop just disappears.


Related Articles and Sites:
http://www.fiercegovernmentit.com/story/only-vast-majority-uscis-laptops-updated-and-encrypted-say-auditors/2012-05-16
http://www.oig.dhs.gov/assets/Mgmt/2012/OIG_12-83_May12.pdf

<Previous Next>

Laptop Encryption Software: UK Glasgow Council Reaches Out After Laptop Stolen

Canada Hard Disk Encryption: Manitoba Progressive Conservatives' Laptops And Desktop Computers Stolen

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.