The U.S. Department of Education is rolling out desktop encryption software in a way that links the cryptographic process to employees' government-issued Personal Identity Verification (PIV) smart cards. The system, which is based on PGP's disk encryption technology, is intended to meet government rules for safeguarding sensitive financial and personal information, says Phillip Loranger, chief information security officer at the Department of Education. "There is a large amount of financial resources we're responsible for; we are in the student-loan business and we interface with universities and colleges," Loranger says. Tying encryption to the PIV card is a novel approach that will offer stronger authentication than a simple password. The Department of Education is actually "one of the largest banks in the country, with grants, student loans and school financial requests," he says.
The agency picked PGP in part because the encryption software company is willing to do some custom development to make sure that its Whole Disk Encryption software works with the government-issued PIV smart card and Microsoft Active Directory, Loranger says. Biometrics: The human body as proof of identity The Department of Education intends to first deploy PGP's Whole Disk Encryption on all mobile computers to protect data at rest. Loranger says he's in favor of the more stringent security tied to the PIV smart cards, but he acknowledges there will be situations when end users forget their PIV cards or lose them. In such circumstances, employees won't be locked out of their computers but will be granted a temporary password they can use for 24 hours, he says.