U.S. Department of Education With PGP Disk Encryption

PGP Corporation announced that the U.S. Department of Education is leveraging PGP Corporation’s patented encryption technology to improve its data security, regulatory compliance and staff productivity.

More importantly, the department is relying on PGP solutions to protect Americans’ personally identifiable information (PII) while making it easier for its mobile users to more securely access agency IT systems from remote locations.

The U.S. Department of Education, a federal agency with 4,200 employees, promotes excellence in education at all levels. The agency stores, accesses and transmits a tremendous amount of sensitive data daily, including confidential information on students and financial aid. It must also comply with numerous federal mandates for national security, cybersecurity and identity management. To do this effectively, the department needed a complete, compliant global solution to protect sensitive data from compromise while in transit and at rest.

Phillip Loranger, the department’s Chief Information Security Officer, oversaw the project to incorporate PGP Whole Disk Encryption with PGP Universal Server into the department’s Personal Identity Verification (PIV) card system. He also had to bring full-disk encryption and two-factor authentication to PIV card holders using mobile devices. The Education Department, along with all other federal agencies, must issue PIV cards to enhance security, reduce identity fraud and guard the personal information of card holders.

Loranger performed a trial run with the technology with a few select agency components in December 2008. PGP solutions and staff met all requirements and exceeded expectations.

By using the PIV log-in and the PGP Whole Disk Encryption solution, the Department of Education has experienced easier desktop authentication and improved user compliance. In addition to improving security, it has lowered agency cultural barriers to using encryption, which persist because many agency employees still think encryption is costly and hurts IT system performance, which is no longer the case with today’s technology.

When the initial deployment was started, the staff complained about ‘more security stuff,’ but two weeks later, the attitude had changed. Staff is now embracing the new security system.

The technology will start rolling out to the whole department starting in the fourth quarter of 2009 and the project is scheduled for full implementation by the third quarter of 2010.

PGP Corporation wanted to help the department better achieve its mission, not just comply with mandates. In order to ensure The Education Department interests got the right attention, CEO Phil Dunkelberger took an active role in the project. By understanding what the customer wanted to do and what was possible in their environment, Dunkelberger and his technology team were able to empower the customer.

"The Education Department is the steward of personal information of millions of Americans and thus needs to ensure only the right people can access the right information in the right way," Dunkelberger said. "We are happy to help the department – and all federal agencies – meet their security and compliance responsibilities while making it easier for employees to do their jobs."