The report said that while encryption and other security technology could help, slipshod handling of data and equipment, poor training and the slow moving government bureaucracy were seen as the main causes of vulnerability.
"The White House directive is a good first step, but we're concerned about the time frame," John Dasher, director of product management at encryption software maker PGP, was quoted as saying. "Do they have funds budgeted and allocated‾ These are the nuts and bolts of the procurement process."
Companies, including PGP, are eager to sell existing encryption and other security software to the government that can be deployed in a matter of weeks. But several executives interviewed by Reuters said agencies must first consider basic concepts of data security before buying software.
"I'll bet many organizations can't even tell you where sensitive data is," said Chris Voice, CTO at security software maker Entrust. "Not only should certain data be stored and encrypted properly, but certain people should not have access to it to begin with it."