The Problem:
After a flurry of data breaches at several largeuniversities, Baylor University needed to ensure that primaryidentification information for students and faculty stayed safe.
The Details:
More than 197,000 personal records were exposedin a data security breach at the McCombs School of Business atthe University of Texas in April 2006. It was the school’s secondsuch incident in three years, and one of a wave of such breachesat academic institutions including UCLA, Northwestern andOhio University in the past two years alone.
As a result of heightened concern over data breaches, theLone Star State passed legislation requiring organizations tonotify individuals affected by a privacy breach and to take actionto resolve the problem. Until recently, many universities usedSocial Security numbers as primary identifiers for student andfaculty information, according to Jon Allen, Baylor’s informationsecurity officer, who says the Waco university “switchedfrom using Social Security numbers as the primary identifier,but a lot of old data was still stored that way.” That, along withthe “huge migration” from desktops to laptops among studentsand faculty, put the school—with a 735-acre campus home to14,000 students and 1,500 faculty and staff—at risk.
The Solution:
Baylor chose PGP’s Whole Disk Encryptionsystem, which it is rolling out to the university’s fleet of laptops.The product takes the responsibility for encrypting data andmaintaining secure data keys out of users’ hands, Allen says. “Thewhole-disk option provides real-time encryption from the diskand you don’t see significant degradation to the user,” he adds.
File encryption systems are more than twice as common asfull-disk encryption software installations. But easily twice asmany organizations plan to deploy full-disk encryption as fileencryption in the next year, according to an August survey byAberdeen Group. “Year-over-year growth—that is, planned usevs. current use—was 74 percent for full-disk encryption vs. 18percent for file encryption,” says Derek Brink, vice presidentand research director for IT security at Aberdeen Group.
