In 2008, an unencrypted laptop went missing from the car of a worker at Barnabas Health, New Jersey's largest health care system. And, although fewer than 2,000 records were exposed, the health care provider subsequently made self-encrypting drive (SED), a type of hardware-based encryption, a mandatory part of its mobile device upgrade process.

“Everyone who gets a new laptop must have SED enabled,” says Hussein Syed, director of IT security at Barnabas Health, which consists of 4,600 physicians, seven medical facilities and two business offices. “We don't want to incur another incident because someone left a document on a device and then lost it.”

The encryption cannot be tampered with by users, and access is easier because assigned users now need only one master login to access all their provisioned resources (via Active Directory). SED takes only minutes to initially encrypt the full contents of the hard drive, compared to 36 hours using an older, software-based disk encryption. And, using a third-party encryption management service from Wave Systems, machines can be provisioned just as quickly, says Syed.