Educational Technology and the Social Web

June 21, 2008

Laptop Hard drive encryption

Filed under: Education and Technology — Ken @ 2:06 pm

Live blogging from CALI 2008: Thomas Ryan and Timothy Divito from Rutgers School of Law – Camden are discussing laptop encryption. They recommend all deans, department chairs, faculty, clinical staff, admin staff, and clerical staff have encrypted drives. They posit that most laptop thefts are not for the purposes of identity theft but rather for the system itself and that the majority of thefts are inside jobs. Regardless of the impetus, rules and regulations require disclosure of the theft to all who may be affected. This is obviously an undesirable situation.

They reviewed many different products but are highlighting two today: Free CompuSec and Truecrypt. CompuSec’s nicest feature is GlobalAdmin which is a central management system. CompuSec supports Windows (2000, XP, Vista) and Linux and has additional sw packages such as single sign on, encryption of CDs, Floppies and other removable storge, single file encryption, SafeLan (for network storage) and VOIP encryption. Time for encryption: 40GB drive, 3-4 hours, 80GB, 6-7 hours.  

Truecrypt now offers full disk encryption. It is an open source product. It differs from CompuSec in that its original purpose was to encrypt individual files. Accordingly, it’s install is very quick-only two files. TrueCrypt forces you to burn a rescue disk with the key while CompuSec stores this key in a file which you can store anywhere-USB key, network share, CD, etc.  TrueCrypt is recommended for single laptop encryption for advanced users while CompuSec is recommended for multiple systems because you can use the same key for each system. 

It seems easier to deal with full time employees of an institution if the hardware is owned by the school. What is less clear is how schools deal with students who often use their personal machines when working on client files particularly in clinics. What policies and procedures should be in place to protect client data on student machines?  Should schools ban the use of student personal machines when working on client cases?  Should schools provide students with encryption tools?  Or should schools mandate students have encryption software much like they would mandate the use of an administrators password?  There are no easy answers here but it’s clear schools need to do something to address the risk of confidential information becoming exposed due to theft or loss.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: