Software // Information Management
Commentary
5/5/2009
01:23 PM
Randy George
Randy George
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

A Data Loss Lesson Learned The Hard Way

I experienced what felt like a death in the family recently when my own laptop was stolen right from my office, along with all of my work, personal financial data, and most importantly to me, family photos. Being a security analyst, I felt a sense of complicity for not being better prepared for this eventuality. Don't let what happened to me happen to you. You can fight back, and on the cheap...read on.

I experienced what felt like a death in the family recently when my own laptop was stolen right from my office, along with all of my work, personal financial data, and most importantly to me, family photos. Being a security analyst, I felt a sense of complicity for not being better prepared for this eventuality. Don't let what happened to me happen to you. You can fight back, and on the cheap...read on.By most estimates, the overwhelming majority of damaging data loss happen via stolen laptops and handheld devices. And yet, most IT shops are egregiously underprepared to respond to the threat of damaging data leakage through asset theft, and that includes my own IT shop.

The first thing that occurred to me after I lost my laptop was that I had no capability to remotely destroy the data on my laptop. For most shops running Blackberry Enterprise Server, you may already be familiar with the ability to send a remote kill signal to a stolen Blackberry in the event of handheld loss.

Larger data-loss prevention (DLP) players often focus on complex content filtering technology, and those vendors do a great job at protecting intellectual property and leakage via various TCP protocols. Unfortunately, those same DLP players often lack a truly robust endpoint security feature that includes remote data destruction. Locking down physical ports is an effective way to prevent leakage, and encryption is an effective way to mitigate data loss, but neither is a full proof strategy for ensuring that when your data does fall into the wrong hands, it can be destroyed.

An effective DLP strategy, especially at small IT shops, does not require a huge capital investment. In fact, for cheap dollars, products such as Absolute Software's LoJack for Laptops provide a means to remotely track physical assets, remotely destroy data, while providing verification of such destruction at the same time for regulatory reporting purposes. Inspice offers a similar capability through its Trace laptop tracking and destruction software. Trace's integrated mapping feature allows you to watch your stolen laptop move from thief to new owner in real time, a sick and twisted form of entertainment for sure.

If you have no DLP strategy right now, consider a true bottom up approach that addresses the biggest threats first, the first of which should include a "LoJack for laptops" type of capability. As I cover various larger scale Data Loss Prevention products through a series of Rolling Reviews in InformationWeek Magazine, along with a detailed Analytics report, I'll use this forum to report back on the tools I'm selecting for my own "mini-DLP" implementation for the InformationWeek Security Labs. I'll also do a series of mini-reviews here if I come across a unique product that warrants a closer look.

If you have a success or failure story to tell about your approach to mitigating data loss via stolen hardware, please share it here.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.