They have - by mandating that appropriate controls are implemented, including full disk encryption. See http://www.cabinetoffice.gov.uk/spf/sp4_isa.aspx - specifically requirement #40.
Truecrypt is not a product tested and approved by http://www.cesg.gov.uk/ so it can't be used for UK government business. If someone is willing to pony up the accreditation fees, and it passes, then it can be used.
These new UK gov regulations are interesting - they make specific nominated individuals in every government organisation personally responsible for data security - with penalties including fines and prison. Unsurprisingly, data security is now very heavily implemented and monitored.
All UK government devices storing information classified as RESTRICTED ( no US equivalent) must have two factor authentication, and full disk encryption using a FIPS140 certified product from a CESG-approved list. Anything carrying CONFIDENTIAL or SECRET has the same, plus additional techniques and handling protocols to ensure CIA (confidentiality, integrity, assurance). TOP SECRET isn't discussed in open forums.
This is a non story if they are accidental losses. All organisations, including those within and around the intelligence communities, lose assets. The real questions should be (1) was it accidental, (2) if not, who made the effort and (3) are you confident the systems in place will protect the information for long enough until its value decreases below the effort required to recover it.
To be honest, the more pressing issue for ordinary citizens is not governments protecting or losing information about citizens, but private organisations.
This would be the UK that led the development of modern computing with the work of Alan Turing, led the development of the use of computers in industrial and military environments (Bletchley Park) and which dramatically shortened the second world war. This would be the UK that invented public key cryptography before the NSA. This would be the UK which developed working, scalable MIMD parallel processing (transputer) in the early 90s. Then there was the matter of Boole, who did some minor mathematical work. That UK.
leave the laptop. you have two weeks in a new country / continent, why sit down with a laptop? If you want to email or blog, there are many internet kiosk/ cafe type places.
Seriously, leave it.
Two weeks is too long in London. Give yourself a day to get over jetlag, and 1-2 days to cover the major attractions. Then take the next ten days to travel around, and come back to london to a final sweep of interesting places, and get ready for the flight.
You can grab a train to Paris (France), and spend a day or two there - get another country in. Get a flight to Dublin, Cork or Belfast (45 mins) Yet another country.
mod parent up.
The first step is to find out what the business wants, and how much it is willing to pay. THEN you go out to find out what tech is appropriate/affordable to do it.
Ask the heads of each office, and the main business managers what they want the tech to do now, in a year and in three years. Do you have a business continuity plan that has to be allowed for. If you don't have a BC plan, now's a good time to have one done, before you buy a load of kit that may not do the job.
Once you have a list of business needs, and put them in a prioritised list (again the managers set the priority), you go out and look at what can do the job. Assuming you find a reasonable solution within budget, you need to plan the migration.
Protip: do not attempt to migrate everything in one go. Do it in steps, with breaks in between.
Proprotip: whatever your migration, be able to revert to the original solution in less than 8 hours - ie one working day.
Migration is the biggest gotcha - plan, plan and plan again. Do a dry run. Start with the least critical services. You do have backups, right? Fully tested backups, from ground zero? You do have all your network and infrastructure accurately and completely mapped out, and all configuration settings / files stored on paper and independent machines?
Both arguments for VM and KISS have their place - only you can decide. But when you do decide, make sure it's based on evidence, and will end up making the business better.
Don't forget Total Cost of Ownership - the shiny boxes may run faster, but will you have to hire two more techs to keep them running, or a new maintenance contract?
Don't forget training - for you, your staff and the end users. If you're putting shiney newness in place, people will need to know how to use it, and do their jobs at least as quickly as on the old solution. No use putting in shiny web4.0 uber cloud goodness, if the users end up spending an hour doing a job that used to take 5 minutes, because they don't know how to use it properly, or the interface doesn't easily work with their business processes.
"Executives" are interested in money - what earns money for the company, what costs money for the company, what can increase future money for the company, what prevents increasing future money for the company.
Think about the main things you are doing, or plan to do over the next week, month, quarter, year. Which of the four results (earn, cost, increase, decrease) do those things do? Can you mitigate (reduce) the negatives? Can you improve the positives? What are the costs (time, money, resources)? What are the impacts/benefits (save or increase time, money, resources)?
Here's a couple of examples:
"Our mail system is aging and is struggling with the current load. I estimate it causes up to two hours delay per employee per month. I plan to increase the memory and disk space. It will cost $x hundred, and take 3 days to implement. The benefit will be the increase in productivity and delay the need to buy an entire new server for two more years."
"Our finance dept is struggling to keep up with the number of invoices that need to be processed. With the CFO I am evaluating three new systems which can help automate the process. The cost of the system is $x in capital expenditure, and then $y in annual licence fees. The CFO estimates that it will reduce the time to invoice clients from 10 days to four days, and increase cash flow for the company."
So, think in terms of money. Think what business problems or opportunities that IT makes better (or worse). State the problem or opportunity, what you are doing / want to do, say what the impact of your proposal is / will be.
Stick to this basic formula, and you'll soon be seen as someone who brings answers and adds value, instead of the stereotypical geek who complains, costs money and does little of value.
"Pull the wool over your own eyes!" -- J.R. "Bob" Dobbs