Here's how to combine encryption, tracking software, and a "kill switch" to protect laptops and their critical data.
Laptop theft is one of the fastest growing problems in the security sector. Who can forget the nightmare scenario that occurred at the U.S. Department of Veterans Affairs this past May? A department analyst loaded a file onto his laptop and took it home for the night, where burglars promptly walked off with it — along with identifying information on 26.5 million veterans. While the laptop was eventually retrieved, most are not. Fully 97 percent of all stolen notebooks are never recovered, according to the FBI.
The threat is a big one. An estimated 750,000 laptops were stolen last year, up from 600,000 in 2003, according to Absolute Software, a maker of tools to retrieve lost or stolen laptops.
The threat of lost data is the top worry. But close behind is the fear of identity theft. For system builders, all this means it's mission-critical to have a laptop-security program in place.
In this Recipe, I'll show you how to deploy readily-available, inexpensive technology to protect your customers' laptops " and the data that resides on those systems. This three-step plan includes: Securing the contents of a laptop with basic encryption methods; recovering a stolen laptop using tracking technology; and rendering a stolen laptop virtually unusable to a thief by installing a simple "kill switch." Let's get started.
The best justification for deploying laptop encryption: It's now mandatory in many states. California, for example, has a regulation, SB-1386, requiring anyone who does business in California and suffers a breach of unencrypted personal information concerning a California resident to notify that California resident. That Senate Bill became California law in 2003. Today there are similar laws in about 25 other U.S. states. Most state the same thing: Regardless of where the company owning the data is located, notification is required if the data of a state resident is breached. What's more, a single breach can lead to cumulative penalties reaching as much as $10,000 a day.
From a technical perspective, there are two specific kinds of encryption, according to Eric Maiwald, a security analyst at the Burton Group: file and disk. While an OS such as Windows XP Professional has a file encryption facility built into it called EFS (Encrypting File System), that system can be easily breached by a user with administrator privileges, Maiwald says. Worse, EFS is entirely absent from XP Home, which is used on cheaper laptops.
From a vendor perspective, here are the leading vendors of hard-disk encryption software:
Pointsec Mobile Technologies: Based in Lisle, Ill., PointSec's encryption is deployed extensively by the U.S. government, particularly the Army. The company offers versions of its software for Windows PCs, Linux PCs, PDAs, smart phones, and removable media.
Guardian Edge Technologies: Based in San Francisco, Guardian Edge offers the Encryption Anywhere hard-disk package. This software was selected by the U.S. Veterans Administration after the VA's belated decision to enhance their organization's security.
And the leading vendors of file encryption software are:
PGP Corp.: Based in Palo Alto, Calif., PGP is one of the pioneers in the encryption field. In fact, the U.S. government tried to suppress the export of PGP's Pretty Good Privacy software in 1993, but dropped the case in 1996. The company offers a wide range of products, including file and e-mail encryption.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.