ABSTRACT
The Department of Surgery at the University Of Washington School Of Medicine is faced with the challenge of providing IT security to faculty, researchers, and staff within a clinical hospital environment and at multiple sites. Many departmental faculty and staff use laptops running Windows XP and often find it necessary to travel to multiple locations throughout the day or week. Additionally, regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA) mandate the protection of protected health information (PHI) and student data that many members of the department interact with as a normal part of their work. Such data stored on departmental laptops must be secured. Concerned with data security, the department is deploying PGP Universal in order to protect this fleet of laptops with a centrally managed, whole disk encryption solution.
A centrally managed whole disk encryption solution was desired for both Windows XP and a small number of Macintosh laptops, but not available for the latter. The Department of Surgery IT Services Group (ITSG) selected PGP Universal for the Windows-based solution and monitors PGP Corporation's ongoing development of a Mac OS X whole disk encryption solution. ITSG staff tested PGP and a deployment process was developed in the hopes of avoiding technical problems. Minor installation problems that did occur were found to be the result of computing staff's deviation from installation procedures. The amount of time required to deploy the solution across the department was underestimated; the project has taken additional time for several reasons, including the difficulty in coordinating installations with a mobile workforce; a number of competing, large scale products; and possibly the ITSG organizational structure. While the use of PGP whole disk encryption has necessitated a change in behavior for both laptop users and ITSG staff, these changes are minor and can be addressed with careful planning and forethought.
- About UW Medicine. http://uwmedicine.washington.edu/Global/AboutUWMedicine/, (retrieved May 20, 2008)Google Scholar
- Apple Inc., FileVault. http://www.apple.com/sg/macosx/features/filevault/, (retrieved May 31, 2008)Google Scholar
- Check Point Full Disk Encryption. http://www.checkpoint.com/products/datasecurity/pc/index.html, (retrieved May 31, 2008)Google Scholar
- Encrypting File System. http://technet2.microsoft.com/windowsserver2008/en/library/69f04dd7-bced-4079-84e9-095b8dc563991033.mspx?mfr=true, (retrieved May 31, 2008)Google Scholar
- Halderman, J., Schoen, S., Heninger, N., Clarkson, W., Paul, W., Calandrino, J., Feldman, A., Applebaum, J., and Felten, E. Lest we remember: Cold boot attacks on encryption keys. April 2, 2008. http://citp.princeton.edu/pub/coldboot.pdf, (retrieved June 1, 2008) Google ScholarDigital Library
- McCullagh, D. PGP: Whole disk encryption for Mac OS X is in 'active development'. February 11, 2008. http://news.cnet.com/8301-10784_3-9869812-7.html, (retrieved May 31, 2008)Google Scholar
- PGP Corporation, PGP Universal Server. http://www.pgp.com/products/universal_server/index.html, (retrieved May 20, 2008)Google Scholar
- PGP Corporation, PGP Whole Disk Encryption. http://www.pgp.com/products/wholediskencryption/index.html, (retrieved May 20, 2008)Google Scholar
- PGP Corporation, PGP Whole Disk Encryption for Mac OS X. http://www.pgp.com/mac, (retrieved June 20, 2008)Google Scholar
- UW Department of Surgery. http://depts.washington.edu/surgery/about/index.html, (retrieved May 20, 2008)Google Scholar
Index Terms
- PGP whole disk encryption: blazing trails in IT security at UW Medicine
Recommendations
Deploying PGP whole disk encryption in Mac OS X
SIGUCCS '09: Proceedings of the 37th annual ACM SIGUCCS fall conference: communication and collaborationThe University Of Washington Department of Surgery IT Services Group supports faculty, researchers, and staff within a clinical hospital environment and at multiple sites. Because of the need to secure protected health information (PHI) due to ...
Evil maid goes after PGP whole disk encryption
SIN '10: Proceedings of the 3rd international conference on Security of information and networksFull disk encryption systems are widely used to protect the information from unauthorized access. A common application of such systems is laptop hard drive and removable media encryption, because these can be easily lost or stolen. Indeed, if we assume ...
An integration of PGP and MIME
SNDSS '96: Proceedings of the 1996 Symposium on Network and Distributed System Security (SNDSS '96)Internet text mail has been developing to satisfy various user requests, such as transporting non-textual objects and privacy enhancements. While MIME redefined the mail body format to support non-textual objects and multipart structure, PGP provides ...
Comments