Connecticut Governor M. Jodi Rell today announced that more than 6,000 state laptop computers had been encrypted as part of the first phase of an unprecedented IT mobilization to strengthen state information technology security practices.
The encryption effort is one of a series of measures ordered by Governor Rell in the wake of a theft of a state laptop computer containing the names and social security numbers of more than 100,000 state taxpayers. The encryption effort was led by the State Department of Information Technology (DOIT).
"This was an exhaustive effort involving cooperation between staff from agencies throughout the executive branch," Governor Rell said. "It is one of a series of steps that are necessary to secure State data and ensure employees using laptops are exercising extreme care and caution."
Last September, Governor Rell ordered agencies to purge sensitive data on laptop computers and portable storage devices if there was no compelling business need for the information to be stored on those devices.
In addition, she ordered the issuance of the new mobile computing and storage device security policy, with new restrictions and accountability measures -- including mandatory risk assessments and written authorization from the agency head -- for any instance in which restricted or confidential data must reside on a mobile device for business reasons.
The new policy also requires any data residing on a mobile device under these controlled circumstances to be encrypted, limits the amount of data and length of time it may reside on the mobile device and requires protections from unauthorized access and disclosure.
"While this is a major step forward in securing our sensitive data, there is still much to be done," Governor Rell said. "Agencies must continue to abide by the new security policy and incorporate sound security practices and vigilance into their daily routines."
DOIT Chief Information Officer (CIO) Diane Wallace commended agencies for their involvement and cooperation in the laptop encryption effort and rollout of the new mobile device security policy.
"This was an unprecedented enterprise IT security mobilization," Wallace said. "State agencies and IT professionals collaborated to expedite a rapid encryption process, and are essential to the successful, sustained execution of this encryption and security imitative."
The encryption product -- Safeboot -- was selected by DOIT and an interagency working group of 24 information technology professionals from 12 agencies. The initiative cost approximately $652,480 and included the purchase of 33,000 encryption licenses. The additional 24,000 licenses will be used to encrypt mobile storage devices, desktops and other devices identified by DOIT and agencies.