National lab looks to encryption to secure mobile devices

Tech Success: IT solutions in action

Project: Notebook PC encryption

Agency: Pacific Northwest Laboratory

Partner: Pointsec Mobile Technologies Inc.

Goal: Secure the drives of notebooks that have sensitive data, especially when the devices are used during foreign travel.

Obstacles: Scientists and other lab employees needed an easy-to-use solution that did not interfere with their work.

Solution: The lab selected a transparent, full-disk encryption solution that runs in the background.

Payoff: Even if lost or stolen, data on computer devices remains secure.

While an Army official was traveling for work, his hotel room was broken into and his notebook PC was stolen. But unable to start the computer, reset it or extract any data from it, the thief returned it to the front desk, said Bob Egner, a vice president with Pointsec Mobile Technologies Inc., Lisle, Ill.

The notebook was locked, and its data was encrypted with a Pointsec tool, Egner said.

Seeking that same level of security, officials at the Pacific Northwest National Laboratory turned to full-notebook encryption, said IT services project manager Troy Juntunen. The lab had used file-level encryption, but wanted an additional layer of protection.

"We saw that whole-disk encryption was definitely a very good option and offered a high level of protection," Juntunen said. "We wanted to encrypt the drive and protect it, so if the hardware was stolen, we wouldn't have to worry about the data being compromised."

Security is key

Data protection is important for the laboratory, because of the sensitive nature of the work of its scientists and researchers.

The lab is involved in cleanup work at the World War II-era Hanford, Wash., nuclear site. It's also a leader in nuclear non-proliferation and works in the fields of energy, environment and life sciences. Such a diverse mission requires traveling around the globe, as far as Russia and Ukraine.

The first phase of the project involved ensuring the security of notebooks used for overseas work, Juntunen said.

"Obviously, we wanted to make sure the time and money spent on the development of information was going to be safe and secure," he said.

Laboratory officials also wanted a solution that users wouldn't find cumbersome. It had to be transparent and require no user maintenance.

Although the solution had to minimize the number of logons required for ease of use, lab officials use Pointsec boot-logon protection to authenticate users before the operating system loads.

The lab also uses the product's lockout feature, which prevents logins after a specified number of failed attempts. When a device is locked out, a lab administrator must unlock it. That can be a challenge for agencies that don't operate 24 hours a day, and it's a factor that systems integrators and customers should consider when installing an encryption solution.

The lab's help desk helps traveling staff get back into locked-out systems. Help-desk members talk users through a challenging process to regain access to their devices.

Those devices are not necessarily notebook PCs, said Pointsec's Egner. Over the past two years, the U.S. market, particularly the government market, has seen a large amount of data compromised because of lost or stolen computer hardware.

Many incidents involve notebook computers "because they have a very large hard drive," Egner said. "But it is also things such as removable media: USB memory sticks, writable CDs, optical drives or external hard drives that might have a lot of information."

As the equipment grows smaller, the likelihood that it can be lost and stolen grows larger, making encryption a more important measure to take.

Policy double take

Wrestling with these issues is a good time for systems integrators and agencies to re-examine security policies, no matter how recently they were drafted, Egner said.

"One of the things we've seen in the U.S. government space, on the defense side as well as the civilian side, is that many organizations have put together security policies in the past that have become invalid, given the expanding mobility trend," he said.

"If they had a security policy from a number of years ago, [they] made an assumption that all the computer equipment was safely locked inside a locked building," Egner said. "But now, with the advent of more and more notebook computers, and smaller and smaller smart phones that can receive e-mail, suddenly the security policies' assumptions are no longer true."

When integrators approach an encryption project, they should test compatibility of software on all the PC configurations that an agency has, he said. A worker doing clerical work, for example, will have a different configuration from that of an engineer doing classified work.

Agencies also need to ensure that the support system and help desk are ready to work with the encryption software.

Pointsec will work with an organization's patch management system, according to the company. If the organization has no patch management in place, the product can handle update tasks.

Now the Pacific Northwest Laboratory is sharing what it has learned about device encryption.

"I've been talking to a number of other laboratories within the Energy Department that are looking to do the same thing," Juntunen said. "They want to leverage the knowledge from somebody that's already done that. Our simple deployment had made it easy to replicate."

If you have an innovative solution that you installed in a government agency, contact Staff Writer Doug Beizer at dbeizer@postnewsweektech.com.
