Betting chain William Hill has become one of the first UK companies of any size to mandate full disk encryption (FDE) on company laptops, announcing a tie-up with data protection specialist PGP.
PGP will provide the encryption in the form of its full disk security software, complimented by the company's Universal Server for key management, replacing an older but unnamed system that had hit problems in terms of its management and performance.
The precise size of the laptop pool that will receive the software has not been disclosed, but a sizable minority of the company 14,000 employees, spread across 2,000 offices in the UK, move around with laptops full of customer financial data. The numbers were described by Jamie Cowper of PGP as running to "in four figures."
"We want just one, central management server that can control all encryption applications, rather than lots of dispersed, siloed environments," said William Hill's security manager, Nick Copley, in the official release.
William Hill hadn't had any publicised problems with 'lost laptops' in recent times, but the company was said to be aware of the need to meet various layers of compliance in the way that customer data is handled in its business.
"With the PGP Encryption Platform we get whole disk encryption, and can utilise the benefits of the PGP encryption in other information areas in a holistic, single-vendor platform approach," said Copley.
It appears that the later comment points to part of the attraction of PGP - Buying FDE as a 'platform' made sense because it could, further down the line, be extended to other types of data security such as email.
William Hill didn't name the old system displaced by PGP, but said it had been in use for several years. Lacking a remote management system, PGP software was loaded only after recalling every laptop and manually de-installing the software, ready for the upgrade, the company said.
The need for such technology is no longer in any doubt, even the ultimate one of having to talk about it publically, something that breaks the deepest taboo on security projects - don't tell anyone what security system you are using.
The alternative to PGP's software design is to embed the encryption on the drive itself using a special chip and special firmware. The drawback of this approach is that it tends to tie the customer into a specific management platform.