After Hard Lessons, the VA Encrypts It All

The Department of Veterans Affairs is spending $3.7 million to install encryption products on every computing device in the organization. Badly burned in the past four months by two of the most extensive personal data breaches in history, the VA aims to protect veterans' personal information by securing a total of 300,000 hosts, beginning with laptops.

Leadership in information security coming from the federal government is uncommon, so enterprises should learn from this pioneering effort. While encrypting every device seems like overkill, the economies of scale across so many different domains may, down the road, make this move look savvy rather than wasteful. Software costs are decreased because of large block- or site-license discounts; training can be developed once and administered by a single department; and compliance with inevitable data security and privacy regulations can be streamlined.

The VA selected two software vendors: GuardianEdge Technologies for desktop, laptop and removable storage devices, and Trust Digital for mobile devices, including PDAs and wireless phones.

Organizations should also carefully evaluate potential consulting partners. The VA's choice of little-known Syracuse, N.Y., consulting company SMS may have had as much to do with politics and marketing as it did with technology chops--SMS is a veteran-owned company, a fact the VA trumpets. --Patrick Mueller, [email protected]