Recently several scandals hit the news in both Holland and the U.S.A. involving data theft by lost/stolen laptops, usb sticks and other digital media. The U.S. govenment responds by enforcing encryption of all laptops and other portable devices. Most Dutch government organisations already had some policies regarding sensitive data. The policies are now being strengthened and more rigidly enforced because of the recent incidents.
Governments are not the only organisations with sensitive data. Most businesses do not want their documents fall into the wrong hands. Although a lot of data is harmless in practice because of the missing context, outdated information or no real opportunity to do harm, the credibility damage if data loss is reported in the news can be severe. You may even want your personal stuff protected. When you lose your USB stick you don’t want to worry about potential data theft.
Windows XP (Professional only) has some built-in features to encrypt your data. Encrypting your data this way is very easy, but does not work on USB sticks and it may be impossible to restore the encrypted data when you reinstall Windows.
Update: recently Microsoft released another tool: Private Folder, to keep data secure with a separate password, which runs on XP Home as well. The site describes that is handy while working on a shared account (e.g. with the kids at home). Ironically, the software only seems to offer a single non-USB folder protection per account, so only one user can keep stuff private. There is an export/import feature that allows moving encrypted files on an USB stick, but it does not protect the file names, only the file contents, and it’s clumsy to use.
A more versatile and powerful tool is the free and open source TrueCrypt. With TrueCrypt you can create a volume file on your hard drive or USB stick. The volume file can then be mounted as a new disk drive by entering a password or using a keyfile. The drive can then be used just like an ordinary disk, but all contents will be encrypted/decrypted on the fly. I use it to encrypt part of my USB stick and part of my laptop. Free, easy to use and portable, this is a very nice tool for basic protection needs. If you are still using naked USB sticks I recommend giving TrueCrypt a spin.
With all the emphasis on encryption, organisations may face a new challenge: how to do auditing? With encryption it becomes easier to hide data from other eyes, which makes it easier for people to steal from the inside. To keep auditing possible additional policies and tools need to be enforced, but at this time I do not see a lot of attention for this. Maybe we need some new scandals before these new issues will be resolved as well…