Here's how to combine encryption, tracking software, and a "kill switch" to protect laptops and their critical data.
Laptop theft is one of the fastest growing problems in the security sector. Who can forget the nightmare scenario that occurred at the U.S. Department of Veterans Affairs this past May? A department analyst loaded a file onto his laptop and took it home for the night, where burglars promptly walked off with it — along with identifying information on 26.5 million veterans. While the laptop was eventually retrieved, most are not. Fully 97 percent of all stolen notebooks are never recovered, according to the FBI.
The threat is a big one. An estimated 750,000 laptops were stolen last year, up from 600,000 in 2003, according to Absolute Software, a maker of tools to retrieve lost or stolen laptops.
The threat of lost data is the top worry. But close behind is the fear of identity theft. For system builders, all this means it's mission-critical to have a laptop-security program in place.
In this Recipe, I'll show you how to deploy readily-available, inexpensive technology to protect your customers' laptops " and the data that resides on those systems. This three-step plan includes: Securing the contents of a laptop with basic encryption methods; recovering a stolen laptop using tracking technology; and rendering a stolen laptop virtually unusable to a thief by installing a simple "kill switch." Let's get started.
The best justification for deploying laptop encryption: It's now mandatory in many states. California, for example, has a regulation, SB-1386, requiring anyone who does business in California and suffers a breach of unencrypted personal information concerning a California resident to notify that California resident. That Senate Bill became California law in 2003. Today there are similar laws in about 25 other U.S. states. Most state the same thing: Regardless of where the company owning the data is located, notification is required if the data of a state resident is breached. What's more, a single breach can lead to cumulative penalties reaching as much as $10,000 a day.
From a technical perspective, there are two specific kinds of encryption, according to Eric Maiwald, a security analyst at the Burton Group: file and disk. While an OS such as Windows XP Professional has a file encryption facility built into it called EFS (Encrypting File System), that system can be easily breached by a user with administrator privileges, Maiwald says. Worse, EFS is entirely absent from XP Home, which is used on cheaper laptops.
From a vendor perspective, here are the leading vendors of hard-disk encryption software:
Pointsec Mobile Technologies: Based in Lisle, Ill., PointSec's encryption is deployed extensively by the U.S. government, particularly the Army. The company offers versions of its software for Windows PCs, Linux PCs, PDAs, smart phones, and removable media.
Guardian Edge Technologies: Based in San Francisco, Guardian Edge offers the Encryption Anywhere hard-disk package. This software was selected by the U.S. Veterans Administration after the VA's belated decision to enhance their organization's security.
And the leading vendors of file encryption software are:
PGP Corp.: Based in Palo Alto, Calif., PGP is one of the pioneers in the encryption field. In fact, the U.S. government tried to suppress the export of PGP's Pretty Good Privacy software in 1993, but dropped the case in 1996. The company offers a wide range of products, including file and e-mail encryption.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.