<img alt="dcsimg" id="dcsimg" width="1" height="1" src="//www.qsstats.com/dcs8krshw00000cpvecvkz0uc_4g4q/njs.gif?dcsuri=/index.php/c/a/Projects-Security/University-Guards-Laptops-Against-Data-Theft&amp;WT.js=No&amp;WT.tv=10.4.1&amp;dcssip=www.baselinemag.com&amp;WT.qs_dlk=XdV2nKSe-NEplno0lc3b8wAAAAM&amp;">

University Guards Laptops Against Data Theft

By Doug Bartholomew  |  Posted 2007-10-31 Print this article Print

With security breaches damaging the reputations of several major universities, Baylor U. was determined to protect the personal information of its students and faculty. Whole-disk encryption is doing the job.

The Problem:
After a flurry of data breaches at several large universities, Baylor University needed to ensure that primary identification information for students and faculty stayed safe.

The Details:
More than 197,000 personal records were exposed in a data security breach at the McCombs School of Business at the University of Texas in April 2006. It was the school's second such incident in three years, and one of a wave of such breaches at academic institutions including UCLA, Northwestern and Ohio University in the past two years alone.

As a result of heightened concern over data breaches, the Lone Star State passed legislation requiring organizations to notify individuals affected by a privacy breach and to take action to resolve the problem. Until recently, many universities used Social Security numbers as primary identifiers for student and faculty information, according to Jon Allen, Baylor's information security officer, who says the Waco university "switched from using Social Security numbers as the primary identifier, but a lot of old data was still stored that way." That, along with the "huge migration" from desktops to laptops among students and faculty, put the school—with a 735-acre campus home to 14,000 students and 1,500 faculty and staff—at risk.

The Solution:
Baylor chose PGP's Whole Disk Encryption system, which it is rolling out to the university's fleet of laptops. The product takes the responsibility for encrypting data and maintaining secure data keys out of users' hands, Allen says. "The whole-disk option provides real-time encryption from the disk and you don't see significant degradation to the user," he adds.

File encryption systems are more than twice as common as full-disk encryption software installations. But easily twice as many organizations plan to deploy full-disk encryption as file encryption in the next year, according to an August survey by Aberdeen Group. "Year-over-year growth—that is, planned use vs. current use—was 74 percent for full-disk encryption vs. 18 percent for file encryption," says Derek Brink, vice president and research director for IT security at Aberdeen Group.

Doug Bartholomew is a career journalist who has covered information technology for more than 15 years. A former senior editor at IndustryWeek and InformationWeek, his freelance features have appeared in New York magazine and the Los Angeles Times Magazine. He has a B.S. in Journalism from Northwestern University.
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.