The Defence Signals Directorate (DSD) has made an important step in further assuring classified information is now more portable and secure with its completed evaluation of an Australian designed hardware-based encryption product.
The DSD has completed a high-grade evaluation of the West Australian based Secure Systems' Silicon Data Vault hardware system.
It is one of the few products available in the local market that is suitable for the storage and protection of information on laptops at the high classification level, according to Ian McKenzie, DSD director.
"This successful evaluation is an important step in not only the protection of classified electronic information, but also the government's ability to transport this type of information securely," he added.
McKenzie said the system underwent a battery of tests during the evaluation process.
It has already completed a Common Criteria evaluation at the Evaluation Assurance Level (EAL) 2 and a DSD cryptographic evaluation enabling it to secure information to "Restricted" level.
With some minor enhancements, he said the product is now able to be used in systems that protect the higher classification levels.
Even though encryption technologies have been widely available for more than 10 years, it is fair to say they have been slow to catch on.
But a long list of high profile data breaches, stolen laptops, missing tapes and nasty litigation have stepped up the pace.
Research shows many organizations lack an encryption strategy and "encryption is a strategic initiative" according to Jon Oltsik, an analyst at the Enterprise Strategy Group.
"The difficulty arises because encryption comes into organizations organically, not strategically," he said.
PGP chief information security officer, Lawrence Hale, said companies often hesitate when it comes to encrypting large amounts of data because the mathematical algorithms used in encryption and decryption are computationally intensive.
Hale said it can take six to eight hours to encrypt a 60GB to 80GB hard drive from scratch. But that's a one-time job for each drive.
Once it's done, the day-to-day incremental encryption and decryption run in the background, unnoticed by users.
- with Gary Anthes