Plan
Assess your needs. Understand the risks and vulnerabilities of your enterprises, says Gregg Davis, CIO for Webcor Builders, a San Mateo, Calif., commercial builder. Not all businesses need to operate with the same level of security. If your industry must comply with regulations for protection of data, you may need a greater level of security than a company handling less sensitive corporate and customer data. If data loss wouldn't be critical to your company, operating-system-level encryption could suffice.
Evaluate
Weigh options. Encryption is an effective method of protecting data, says Forrester analyst Paul Stamp. Some courts will excuse a company from reporting a loss if it can show the information has been adequately encrypted. Multiple vendors are available to provide either full-disk or policy-based encryption. Disk-level encryption can place a strong umbrella of protection around mobile equipment, but file-based encryption, which selects specific data to encrypt based on predefined company policy, can be more flexible.
Budget
Follow the data. Make sure to target your security dollars at where critical data resides, says Jere Roche, network service team leader for Clark Memorial Hospital in Jeffersonville, Ind. For most enterprises today, that will be laptop computers. As processors and graphics continue to mature for handhelds, however, expect more applications to move onto smaller devices. CIOs need to plan for how policy and technology will best intersect to meet the new computing styles expected over the next few years.
