There shouldn’t be any excuses. But really there haven’t been any excuses for years. Free encryption solutions and some very good commercial applications have been around since the vulnerability was “discovered.” Despite more rigorous legislation and increased media visibility data exposure via PC loss continues. Heck, even the most punitive outcome to businesses (customer loss) doesn’t seem to have slowed occurrences. So why then, is this still a problem?

I think there are two fundamental reasons (alluded to in both the article and many of the comments above). First, encryption is a pain-in-the- you know what. It’s tough for deploy and manage. Ask yourself why else would there be repeated offenses by both private companies and the public sector many months after their reported committment to deploy XYZ encryption solution? Secondly, solutions that require employees (users) to be involved in the security solution or process – whatever it may be – are flawed. When faced with a security/productivity tradeoff employees will always opt for productivity. A recovery disk in the event of encryption failure (or as Mike describes it, when encryption “Bites the bullet”) seems reasonable. Are you kidding? Know when you won’t have your recovery disk? When encryption fails and locks you out of your computer just minutes before the biggest sales presentation of your career!

Cam Roberson
http://pcsecurityblog.beachheadsolutions.com