2008 hasn't really started any better than 2007 finished - a laptop is stolen from the boot of a car, containing 600,000 personal data records - heaping data disaster upon data disaster. Reality says that laptops will be stolen, even when we think they are secure. I've had a laptop stolen from a hotel room, as have many friends and colleagues, and I know of friends and colleagues who've had laptops stolen from cars, or worse*
While it's wise to do everything to avoid theft (I always use a Kensington lock on my laptop in hotels now), the other important step is to minimise the impact of the loss. According to the BBC news report "Teachers put pupil data at risk", which was prompted by research by RM, teachers in nearly half of England's primary schools back up pupil data on CDs and memory sticks, which they then take out of school. The survey of 933 schools found only 1% of respondents were encrypting the data. And I'm pretty sure that you'll have members of the leadership team in your school who take home a complete copy of your pupil database each night on their laptop (hint: go and look at the laptop belonging to the timetabler first).
The information that I wrote last July on data security is still accurate today, and contains an action plan, but here's a very quick reminder of two ends of the scale:
This is potentially quite a boring subject (and can be quite dry, as I discovered researching this), but the alternative to doing nothing is that you go through quite an 'exciting' time, like HMRC.
We've been through it ourselves - to read our Trustworthy Computing web site for more about our security journey.
* Worse: One friend took his laptop into a supermarket (to avoid leaving it in his boot) and had it stolen from his trolley. Or so he thought. When the security staff at the supermarket watched the CCTV tapes, to help him find the thief, it appeared he'd walked in with an empty trolley. So where was the laptop? On the roof of his car... Before you laugh to hard, I bet you've heard of people leaving phones on the roof of their car, and driving off...
Unfortunately the hardware requirements of BitLocker are not well advertised and it is too late (when a school has shelled out for laptops) to realise that they aren't TPM machines.
Can we have a logo/sticker similar to the Certified for Vista one? I'll even give you the wording: "Bitlocker - secure by design"
You're right, that the normal default way to enable BitLocker is to use a hard disk with TPM (which stands for "Trusted Platform Module"). This is a widget that is built into the hard disk which ensures you can't just take out the disk and put it into another PC and then read the data.
If you are dealing with data that needs to be very secure, then it's worth making sure you're buying laptops that are fitted with TPM chips.
However, you can use BitLocker without TPM(and still achieve the same security) but it takes a little more setting up.
Here's the instructions I found: http://www.vistaclues.com/enable-bitlocker-without-a-tpm/
For more background on security and Windows Vista, then this white paper is pretty good:
Our reseller will only sell us Windows Vista Business. How can we get hold of Bitlocker? WHy on earth isn't that included in the Business SKU?
I wonder if you're buying your Windows Vista licences in the most cost-effective way? Rather than buying a PC with Windows Vista Business, in education it normally costs less to buy Windows Vista Home, and then upgrade via the Academic Select licence to get the Enterprise version.
NB This answer is ONLY applicable to education, for non-education, you'll need to check with your reseller.
If you're in the UK, check out our Education Large Account Resellers here:
And also check this blog post: