According to The Guardian, BP have just lost a laptop containing 13,000 personal records related to the Gulf oil spill. And the laptop had no encryption. So where are we with encryption in education?
I've been a BitLocker encryption user since the days of Windows Vista on my laptop, and since that time I have been reassured to know that should something happen to my laptop, all of the data on it is fully encrypted and secure. The whole process was very smooth – I simply enabled it in the Control Panel, and the encryption happened in the background over a morning.
What astounds me is that more organisations don't deploy BitLocker encryption onto their laptops as standard. After all, it's easy and it's included with Windows Enterprise versions - which schools, TAFEs and universities will be licensed for as part of a Campus, School or EES Agreement. And it's a fire-and-forget protection - once you have enabled it, you can forget it's there. I have been happily using a laptop which is fully encrypted by BitLocker for the last two years, and it's never bothered me or interfered with what I need to do.
A typical laptop for a teacher or member of school staff is likely to have piles of sensitive data on it - whether that's student lists, reports, or really sensitive information such as special needs or child protection information. So why would they not be automatically encrypted with BitLocker before you hand them to staff? Or retrospectively encrypted now? Encryption in education worldwide seems to be entirely reactively driven - it happens only once a significant data loss.
If you want to know what's involved in deploying Windows encryption, there's an excellent TechNet article written by the Microsoft IT team – they’re the people that keep all of our in-house IT systems running.
The article deals with both the technical, and managerial issues, of managing the introduction, and also gives a unique insight into the challenges of change in a very tech-savvy environment. And the article is incredibly honest about the challenges faced, and the lessons learned. Here’s an extract":
Lessons learned during Microsoft IT's BitLocker deployment include:
- Microsoft IT tried to retrofit the environment with BitLocker. A better approach would have been to move forward with new computers and then upgrade only existing computers that had the highest security risk.
- Microsoft IT thought BitLocker would be easier to deploy than it was. Microsoft IT relied on the BitLocker Preparation Tool to handle all aspects but found during testing that it failed in some situations, primarily due to locked files when trying to shrink the partition.
- Hardware needs rigorous testing at scale. Computers that test well in a lab environment sometimes yield different results in a production environment. In other words, one computer in a lab might look fine but thousands in the production environment have variance, such as differences in the BIOS.
- Recognizing high-business-impact data is a difficult, industry-wide issue. Few tools are available that enable organizations to find the types of high-business-impact data that users have on their computers.
Read the whole article here, and if you have time take a look at the whole IT Showcase section – a large section of the website in which the Microsoft IT team share their experiences in running a complex IT infrastructure (The “How Microsoft IT reduces costs” section is especially interesting)h