Cloud // Cloud Storage
News
5/26/2009
04:53 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Department Of The Interior Can't Locate Many PCs

The federal agency can't locate 20% of its computers and, because it has no encryption requirements, the missing PCs could be vulnerable to data theft or loss.

The Department of the Interior can't specifically locate 20% of a sample of 2,500 computers -- largely in the Fish and Wildlife Service -- and is definitely missing at least 13 computers, according to a report by the department's inspector general. To make matters worse, the department has no encryption requirements, so there's concern that missing PCs might be vulnerable to data theft or loss.

In many cases, the Interior Department can't even tell where or to whom agency computers are assigned, the report noted. Fish and Wildlife Service records were singled out as especially poor. The Interior Department's accountability is bad enough that the 13 computers identified as missing wouldn't have even been identified as such if not for the inspector general's report.

Between October 2007 and November 2008, the department reported the loss of 66 laptops, including 17 losses identified as "high criticality." The agencies with the highest reported incidence of loss were actually the ones most able to provide information on the locations of their laptops to the inspector general, suggesting that these numbers could be even higher.

"Given the department's diverse missions, varying and often opposing constituencies, and controversial issues including environmental and Indian trust matters, infrastructure assets such as dams, bridges, and monuments, and land and minerals management activities, information control is essential," the inspector general wrote in the report.

Despite policies mandated by the Federal Information Systems Management Act and other regulations, including rules that say computers should not be left unattended in plain view and that organizations should establish policies to protect their systems from unauthorized access, the Department of the Interior doesn't require that any hardware that costs less than $5,000 -- that would cover most PCs -- be tracked in an asset management system, and the current tracking system doesn't have proper backing, according to the report.

That system, run by the National Business Center, only recently began, and the report says that it's "facing challenges" because the various Interior Department subagencies individually report laptop purchases to the NBC.

The report recommends that the department take a number of steps to improve asset management, including establishing a consistent chain of custody for computers, consistently wiping drives clean before disposing of PCs, reporting all losses or thefts to a centralized Computer Incident Response Center, and immediately encrypting all departmental PCs.


InformationWeek Analytics has published an independent analysis on what executives really think about security. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Google in the Enterprise Survey
Google in the Enterprise Survey
There's no doubt Google has made headway into businesses: Just 28 percent discourage or ban use of its productivity ­products, and 69 percent cite Google Apps' good or excellent ­mobility. But progress could still stall: 59 percent of nonusers ­distrust the security of Google's cloud. Its data privacy is an open question, and 37 percent worry about integration.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.