An article on ComputerWorld illustrates why I don’t care for media rags and prefer news straight from security professionals (blogs, email, etc).
State officials announced late last week that they have agreed to purchase about 60,000 licenses of McAfee Inc.’s SafeBoot encryption software.
Ohio officials moved to launch a hefty security policy makeover after a backup tape containing Social Security and other personal information of residents was taken from the car of a government intern in June.
What’s wrong with this picture? Well, even the article lists the features of SafeBoot, and they don’t include encrypting backup tapes. So this is a misleading article that any knowledgable IT staffer in Ohio has to be a bit annoyed about. That’s also a hell of a lot of licenses. I wonder how long and how painful that roll-out process is going to be…
It also goes to show that while Ohio may have some policy, process, and people problems when it comes to digital security (and have maybe addressed them!), the measures that seem easiest to do and report on are technological controls like the purchase of yet more software to patch the problems. Reminds me of conversations about internal security. “Upper management would rather not think about internal employees being malicious; they want to trust and empower them, not treat them as potential criminals.” Hence, technology is a far easier pill to swallow for such paradigms…