NASA To Encrypt All of Its Laptops 226
pev writes "After losing another laptop containing personal information, NASA wants to have all of its laptops encrypted within a month's time with an intermediate ban on laptops containing sensitive information leaving its facilities. Between April 2009 and April 2011 it lost or had stolen 48 'mobile computing devices.' I wonder how long it will be before other large organizations start following suit as a sensible precaution?"
Herp Derp... why wait so long?! (Score:5, Informative)
You know? Endpoint encryption is trivial. There are so many products that do it effectively and easily. Why is this being done so late? Where I work, we do that to EVERY computer a user touches, not just laptops. If it isn't locked behind a server room door, it's locked to a desk and the HDD encrypted. Even the receptionist machine is encrypted.
What the hell are these people even thinking?
Sure... data recovery is more expensive or more impossible. I get that. But you know? It's kind of worth it. Also, if it's important data that lives ONLY on the endpoint machine? Well, that's another thing they are doing wrong.
Re:They waited this long because? (Score:5, Informative)
Re:i don't understand... (Score:3, Informative)
Because there's no enterprise management behind Truecrypt, which pretty much eliminates it. I haven't looked at BitLocker for a while, but I seem to recall it had its share of issues as well. I've used Safeboot, and its not terrible.
Regardless, its not as simple as saying, "here, install this".
Horses and Barn Doors... (Score:5, Informative)
Re:They waited this long because? (Score:4, Informative)
Because the typical end user is stupid and forgets their password.
On a normal laptop, this means a bit of inconvenience.
On an encrypted laptop, this means a loss of all data.
You have to have solutions for this problem in place before you can roll it out.
No it doesn't. You add a second admin key to all the laptops.. It's not rocket science..