30 Jul 2008
A report by the US Government Accountability Office has found that key federal departments are failing to take data security seriously.
The 15-month investigation into 24 major federal agencies found that around 70 per cent of laptops and handhelds do not use encryption, leaving the data available to anyone.
Since 2007 new rules from the Office of Management and Budget (OMB) require all federal laptops to be encrypted, but these are largely being ignored.
The GAO Report to Congressional Requesters (PDF) warned that many departments had not even begun to identify what data should be encrypted.
"We are recommending that the OMB clarify a government-wide encryption policy to address agency efforts to plan for and implement encryption technologies," said the report.
"We are also making recommendations to selected agencies to properly install and configure FIPS-compliant encryption technologies, to develop policies and procedures to manage encryption, and to provide encryption training to personnel."
The report highlighted some unusually poor practice, including employees at Nasa refusing to put encryption software on their laptops, and members of the Department of Education who were not told that encryption software was installed.
The report makes 20 recommendations to improve the level of data security in government, including large-scale education programmes and a generic data encryption policy that can be rolled out across agencies.
Encryption is the future... so let's make it happen
Baffling stuff.... Here's the chairman of the House Committee on Homeland Security, Rep. Bennie G. Thompson's, response to the GAO's report: "Encryption is not an option, it is a mandate." Concerned private citizens ought to be up in arms at the government's negligence and oversight. They need to act as early adopters when it comes to protecting sensitive data. I suspect the reason more government agencies have resisted encrypting all or at least more of their data is due to the largely manual process of updating and managing the certs and keys. The GAO's report largely confirms this suspicion in its report. "Our tests at 6 selected agencies revealed weaknesses in the encryption implementation practices involving the installation and configuration of FIPS-validated cryptographic modules encryption products, monitoring the effectiveness of installed encryption technologies, the development and documentation of policies and procedures for managing these technologies, and the training of personnel in the proper use of installed encryption products. As a result of these weaknesses, federal information may remain at increased risk of unauthorized disclosure, loss, and modification." There are some very robust solutions from well-established ISVs that address this encryption management challenge.
Posted by: Gregory 01 Aug 2008