White House: Encrypt sensitive data

The White House has ordered agencies to encrypt sensitive data, but do agencies even know where all their sensitive personal information is?

Responding to the rash of security breaches, the White House announced new rules requiring federal agencies to encrypt sensitive data, Reuters reports. The deadline for compliance is August.

"The White House directive is a good first step, but we're concerned about the time frame," said John Dasher, director of product management at encryption software maker PGP. "Do they have funds budgeted and allocated? These are the nuts and bolts of the procurement process."

Encryption is far from the whole solution, though.

"I'll bet many organizations can't even tell you where sensitive data is," said Chris Voice, chief technology officer at security software maker Entrust. "Not only should certain data be stored and encrypted properly, but certain people should not have access to it to begin with it."

The breaches have revealed deepset weaknesses in federal data security.

"Agency executives do not know the value of the data they have in their information technology systems and they take security for granted," said Paul Kurtz, director of the Cyber Security Industry Alliance (CSIA) and a former White House computer systems security policy adviser.