Recently several scandals hit the news in both Holland and the U.S.A. involving data theft through lost or stolen laptops, USB sticks and other digital media. The U.S. government is responding by enforcing encryption of all laptops and other portable devices. Most Dutch government organisations already had some policies regarding sensitive data. The policies are now being strengthened and more rigidly enforced because of the recent incidents.
Governments are not the only organisations with sensitive data. Most businesses do not want their documents to fall into the wrong hands. Although a lot of data is harmless in practice because of missing context, outdated information or no real opportunity to do harm, the damage to credibility when a data loss is reported in the news can be severe. You may even want your personal stuff protected. When you lose your USB stick you don’t want to worry about potential data theft.
Windows XP (Professional only) has some built-in features to encrypt your data. Encrypting your data this way is very easy, but it does not work on USB sticks and it may be impossible to restore the encrypted data when you reinstall Windows.
Update: recently Microsoft released another tool, Private Folder, to keep data secure with a separate password, which runs on XP Home as well. The site describes it as handy when working on a shared account (e.g. with the kids at home). Ironically, the software only seems to offer a single non-USB protected folder per account, so only one user can keep stuff private. There is an export/import feature that allows moving encrypted files onto a USB stick, but it does not protect the file names, only the file contents, and it’s clumsy to use.
A more versatile and powerful tool is the free and open source TrueCrypt. With TrueCrypt you can create a volume file on your hard drive or USB stick. The volume file can then be mounted as a new disk drive by entering a password or using a keyfile. The drive can then be used just like an ordinary disk, but all contents will be encrypted/decrypted on the fly. I use it to encrypt part of my USB stick and part of my laptop. Free, easy to use and portable, this is a very nice tool for basic protection needs. If you are still using naked USB sticks I recommend giving TrueCrypt a spin.
With all the emphasis on encryption, organisations may face a new challenge: how to do auditing? With encryption it becomes easier to hide data from other eyes, which makes it easier for people to steal from the inside. To keep auditing possible, additional policies and tools need to be enforced, but at this time I do not see a lot of attention being paid to this. Maybe we need some new scandals before these new issues will be resolved as well…
3 comments
The first option that you describe only works within one domain and where you share your encryption certificate among the computers you want to encrypt/decrypt your data with.
The problem that you are having is that the USB key is FAT and encryption only works with NTFS. So just format the key with NTFS and you can use encryption. Just make sure you back up your encryption certificate NOT encrypted in a safe place. I use a shared folder on my network. I only use it for encrypting stuff on my notebook and USB keys.
Ramon Smits
Ramon, thanks for your suggestions. 🙂 Some more hints for people who don’t want to use TrueCrypt.
The problem I have with USB key/portable media encryption using the built-in XP Pro feature is that it is clearly not designed for portable media encryption. I need to attach to multiple domains/accounts: my home account, the Info Support account, the account at the customer. Sharing the certificate using a network share is not possible. On top of that: the customer desktop runs Windows 2000, so it won’t even work there anyway. 🙂 I need something more flexible.
Peter Hendriks
Here you find usb sticks http://www.smart-promotions.nl
jasonblue