Considering the number of incidents of leaks of Federal data, and the fact that there are entities actively attempting to steal sensitive data I feel as if it is time for the Government to encrypt all of its data. Every hard disk, thumb drive, email, backup media, etc. Encryption should become the rule instead of the exception. I find it hard to believe that sensitive data is being stored and transmitted as clear text or by other insecure means. It would likely be more cost effective for the Government to develop its own advanced encryption suite to address each type of storage media, and distribute it at no charge to all of its agencies than it would be to purchase such technology.
Making data encryption the standard could reduce the amount of resources required for low and moderate rated systems if the goal of system security is ultimately the security of the data. I am not saying that encryption is the silver bullet to data security, but it should no longer be viewed as optional in these times when social engineering, phishing, and hardware theft/loss are daily occurrences encryption provides the best bang for the buck.
I am aware that data encryption has drawbacks, but in my opinion these drawbacks are by far exceeded by benefits for most users. For the average Word, Excel, Access, Outlook user hard disk encryption should not cause a noticeable deterioration of system performance. Only the most hard core users running specialized software which requires massive data transfers at high speeds would be affected, and I would hope that the majority of these users are operating on secure networks and/or they have other encryption solutions already in place.
It would please me very much to see NIST or a much needed FISMA reform move the bar towards standardized data encryption for all media, mobile devices, desktops, and laptops at a minimum. The costs and risks created by data breaches are far too high to not take simple steps to reduce the impact of such breeches.
Sphere: Related Content
