Feature
News
9/18/2006
09:01 AM
Connect Directly
RSS
E-Mail
50%
50%

3 Steps To A More Secure Laptop

Here's how to combine encryption, tracking software, and a "kill switch" to protect laptops and their critical data.

Laptop theft is one of the fastest growing problems in the security sector. Who can forget the nightmare scenario that occurred at the U.S. Department of Veterans Affairs this past May? A department analyst loaded a file onto his laptop and took it home for the night, where burglars promptly walked off with it — along with identifying information on 26.5 million veterans. While the laptop was eventually retrieved, most are not. Fully 97 percent of all stolen notebooks are never recovered, according to the FBI.

The threat is a big one. An estimated 750,000 laptops were stolen last year, up from 600,000 in 2003, according to Absolute Software, a maker of tools to retrieve lost or stolen laptops.

The threat of lost data is the top worry. But close behind is the fear of identity theft. For system builders, all this means it's mission-critical to have a laptop-security program in place.

In this Recipe, I'll show you how to deploy readily-available, inexpensive technology to protect your customers' laptops " and the data that resides on those systems. This three-step plan includes: Securing the contents of a laptop with basic encryption methods; recovering a stolen laptop using tracking technology; and rendering a stolen laptop virtually unusable to a thief by installing a simple "kill switch." Let's get started.

Encryption

The best justification for deploying laptop encryption: It's now mandatory in many states. California, for example, has a regulation, SB-1386, requiring anyone who does business in California and suffers a breach of unencrypted personal information concerning a California resident to notify that California resident. That Senate Bill became California law in 2003. Today there are similar laws in about 25 other U.S. states. Most state the same thing: Regardless of where the company owning the data is located, notification is required if the data of a state resident is breached. What's more, a single breach can lead to cumulative penalties reaching as much as $10,000 a day.

From a technical perspective, there are two specific kinds of encryption, according to Eric Maiwald, a security analyst at the Burton Group: file and disk. While an OS such as Windows XP Professional has a file encryption facility built into it called EFS (Encrypting File System), that system can be easily breached by a user with administrator privileges, Maiwald says. Worse, EFS is entirely absent from XP Home, which is used on cheaper laptops.

From a vendor perspective, here are the leading vendors of hard-disk encryption software:

  • Pointsec Mobile Technologies: Based in Lisle, Ill., PointSec's encryption is deployed extensively by the U.S. government, particularly the Army. The company offers versions of its software for Windows PCs, Linux PCs, PDAs, smart phones, and removable media.

  • Guardian Edge Technologies: Based in San Francisco, Guardian Edge offers the Encryption Anywhere hard-disk package. This software was selected by the U.S. Veterans Administration after the VA's belated decision to enhance their organization's security.

And the leading vendors of file encryption software are:

  • PGP Corp.: Based in Palo Alto, Calif., PGP is one of the pioneers in the encryption field. In fact, the U.S. government tried to suppress the export of PGP's Pretty Good Privacy software in 1993, but dropped the case in 1996. The company offers a wide range of products, including file and e-mail encryption.

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.