Feature
News
9/18/2006
09:01 AM
50%
50%

3 Steps To A More Secure Laptop

Here's how to combine encryption, tracking software, and a "kill switch" to protect laptops and their critical data.

Laptop theft is one of the fastest growing problems in the security sector. Who can forget the nightmare scenario that occurred at the U.S. Department of Veterans Affairs this past May? A department analyst loaded a file onto his laptop and took it home for the night, where burglars promptly walked off with it — along with identifying information on 26.5 million veterans. While the laptop was eventually retrieved, most are not. Fully 97 percent of all stolen notebooks are never recovered, according to the FBI.

The threat is a big one. An estimated 750,000 laptops were stolen last year, up from 600,000 in 2003, according to Absolute Software, a maker of tools to retrieve lost or stolen laptops.

The threat of lost data is the top worry. But close behind is the fear of identity theft. For system builders, all this means it's mission-critical to have a laptop-security program in place.

In this Recipe, I'll show you how to deploy readily-available, inexpensive technology to protect your customers' laptops " and the data that resides on those systems. This three-step plan includes: Securing the contents of a laptop with basic encryption methods; recovering a stolen laptop using tracking technology; and rendering a stolen laptop virtually unusable to a thief by installing a simple "kill switch." Let's get started.

Encryption

The best justification for deploying laptop encryption: It's now mandatory in many states. California, for example, has a regulation, SB-1386, requiring anyone who does business in California and suffers a breach of unencrypted personal information concerning a California resident to notify that California resident. That Senate Bill became California law in 2003. Today there are similar laws in about 25 other U.S. states. Most state the same thing: Regardless of where the company owning the data is located, notification is required if the data of a state resident is breached. What's more, a single breach can lead to cumulative penalties reaching as much as $10,000 a day.

From a technical perspective, there are two specific kinds of encryption, according to Eric Maiwald, a security analyst at the Burton Group: file and disk. While an OS such as Windows XP Professional has a file encryption facility built into it called EFS (Encrypting File System), that system can be easily breached by a user with administrator privileges, Maiwald says. Worse, EFS is entirely absent from XP Home, which is used on cheaper laptops.

From a vendor perspective, here are the leading vendors of hard-disk encryption software:

  • Pointsec Mobile Technologies: Based in Lisle, Ill., PointSec's encryption is deployed extensively by the U.S. government, particularly the Army. The company offers versions of its software for Windows PCs, Linux PCs, PDAs, smart phones, and removable media.

  • Guardian Edge Technologies: Based in San Francisco, Guardian Edge offers the Encryption Anywhere hard-disk package. This software was selected by the U.S. Veterans Administration after the VA's belated decision to enhance their organization's security.

And the leading vendors of file encryption software are:

  • PGP Corp.: Based in Palo Alto, Calif., PGP is one of the pioneers in the encryption field. In fact, the U.S. government tried to suppress the export of PGP's Pretty Good Privacy software in 1993, but dropped the case in 1996. The company offers a wide range of products, including file and e-mail encryption.

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.