At long last, the secret is out: Microsoft now has a solution toolkit to help companies make sure that their sensitive data is properly protected on mobile PCs. Last week at TechEd, they formally announced the Data Encryption Toolkit for Mobile PCs, which combines a thorough analysis of the BitLocker and Encrypting File System features of Windows with a set of prescriptive instructions on how to use BitLocker and/or EFS to protect your company’s data. There’s also a nifty tool, the EFS Assistant, that you can deploy to automatically scan for files that should be protected, then encrypt them with EFS.
3Sharp was responsible for the entire document set; I worked with David Mowers on the security analysis and wrote the planning and implementation guide, and Paul Flynn wrote the bulk of the EFS Assistant administrator’s guide. It’s great to have this toolkit out in the world, because I really believe it will help people avoid mishaps like what happened to TJX (so far, they’ve spent $20 million in 1Q 07 alone, with more to come!)