The industry's leading disk encryption vendors are embroiled in a heated 90-day contest to win a contract to secure mobile computers across the U.S. federal government.
The contest is the result of a federal mandate issued in June, following the theft of a laptop containing the personal data of approximately 26.5 million veterans from an employee of the Department of Veterans Affairs. (See After Hard Lessons, The VA Encrypts It All.) The mandate requires the encryption of all data on government-owned mobile devices, unless top officials designate the data as non-sensitive.
To evaluate potential encryption solutions, the government is conducting side-by-side comparisons of a variety of encryption products, including full-disk encryption gear. Some of the participating vendors include Dell, Microsoft, and Seagate Technology, as well as encryption tool vendors such as Credant Technologies, Merlin International, PointSec Mobile Technologies, and SafeNet.
The bakeoff's documentation does not expressly state that there will be a single winner, nor does it state that the winner will be given a single contract to deliver all of the encryption technology for the millions of laptops and mobile devices in use by the federal government. But any vendor that comes out on top will likely have an inside track not only for the government business, but for the business of contractors and suppliers, experts say.
"The selected product will be deployed on millions of computers in the federal government space," writes Saqib Ali in an article published by the Full Disk Encryption (FDE) forum.
While encryption is a critical part of the mandate, there are other aspects as well. For example, officials are also requiring two-factor authentication, as well as the means to prevent users from storing some types of personal data remotely.
The evaluation period is scheduled to end in 90 days, around the end of March. A list of the requirements for the encryption systems can be found here.
Tim Wilson, Site Editor, Dark Reading