Mar 20 2008

Connecticut Implements Encryption

Executive branch rolls out SafeBoot to nearly 6,000 notebook computers to better protect state data.

IT workers from the Connecticut Department of Information Technology recently completed the first phase of a massive security undertaking by encrypting nearly 6,000 notebook computers. This effort comes in response to the theft last year of a state-owned notebook computer that contained Social Security numbers of more than 100,000 citizens.

Gov. M. Jodi Rell had ordered a new mobile computing policy requiring any data residing on a mobile device to be encrypted. “It is one of a series of steps that are necessary to secure state data and ensure employees using laptops are exercising extreme care and caution,” Gov. Rell said.

Diane Wallace, CIO of the Department of Information Technology, praised her staff. “This was an unprecedented enterprise-IT security mobilization,” Wallace said. “State agencies and IT professionals collaborated to expedite a rapid encryption process and are essential to the successful, sustained execution of this encryption and security initiative.”

The Department of Information Technology and an interagency working group of 24 IT pros from 12 agencies chose to deploy SafeBoot encryption. (SafeBoot is now owned by McAfee and is known as McAfee Endpoint Encryption.) Connecticut spent about $652,480 on the first phase of this security initiative, which includes the purchase of 33,000 encryption licenses. There’s ample work ahead, as the remaining 24,000 licenses will be used to protect mobile storage devices, desktops and other devices.

The encryption rollout is only one part of the new security policy, which includes restrictions and accountability measures, such as mandatory risk assessments and written authorization from the agency head for any instance in which restricted or confidential data must reside on a mobile device for business reasons. When data does reside on a mobile device, it must be encrypted, and there’s a limit to how much data may reside on a mobile device and for how long.

“While this is a major step forward in securing our sensitive data, there is still much to be done,” Gov. Rell said. “Agencies must continue to abide by the new security policy and incorporate sound security practices and vigilance into their daily routines.”