VA to add encryption tools to all of its PCs

$3.7M rollout also includes agency's mobile devices

The U.S. Department of Veterans Affairs last week said it plans to spend $3.7 million to install data encryption software on all of its laptop and desktop PCs as well as the handhelds and smart phones issued to agency workers.

In addition, VA Secretary R. James Nicholson has directed the department's IT and security managers to explore the possible installation of enterprise-level encryption technologies on all servers.

The encryption rollout is part of the VA's effort to boost information security following the theft in May of hardware containing the personal data of 26.5 million veterans and active-duty military personnel. The agency also has disclosed several smaller breaches since then, including the disappearance this month of a desktop system containing data on 38,000 veterans from an office of subcontractor Unisys Corp.

"I have promised America's veterans that I intend to make VA information security a model, and this expedited encryption program is a major step in that direction," Nicholson said in a statement.

Laptops First

The installation of the encryption software was scheduled to start Friday on the VA's laptops, and the agency said that Nicholson expects all of those systems to have the new tools within a month. Deployments on desktop systems and portable devices will follow.

SMS Inc., a veteran-owned company in Syracuse, N.Y., will handle the installation process for the VA. The agency said SMS will deploy a pair of software packages: GuardianEdge Technologies Inc.'s Encryption Anywhere and Trust Digital Inc.'s Mobile Edge Device Security tools.

The encryption technology will be installed on about 300,000 devices, said Warren Smith, vice president of marketing at San Francisco-based GuardianEdge. Encryption Anywhere is slated to be used on PCs and removable storage devices, according to Smith. The software from McLean, Va.-based Trust Digital will provide encryption capabilities on mobile devices.

The theft of a laptop and hard drive from a VA data analyst's home in early May prompted criticism of the VA's IT security program from Congress. Law enforcement agents recovered the hardware in late June, and the FBI said its forensic tests suggested that the thieves hadn't accessed the personal data on the devices.

The VA withdrew an offer of free credit monitoring services as a result of the FBI's findings. But the agency said this month that San Diego-based ID Analytics Inc. will monitor for possible misuse of the information by checking the VA's database against its fraud-detection technology.

Meanwhile, Unisys last week announced that in cooperation with the FBI and the VA's inspector general, it is offering a reward of up to $50,000 for information that leads to the recovery of its missing desktop system. Gross writes for the IDG News Service.

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon