Laptop Lockdown Checklist: Six Technologies To Watch - InformationWeek

3/30/2007
01:20 PM

Laptop Lockdown Checklist: Six Technologies To Watch

When it comes to these security technologies, well-known doesn't mean widely used. Here's what might make them more practical in the near term.

When it comes to objects wonderfully suited to being lost or stolen, it's tough to beat a laptop computer.

The stats reveal a widespread, costly problem: 81% of 484 IT pros surveyed say their company lost at least one laptop with sensitive information in the past year, according to security consulting firm Ponemon Institute. About 750,000 laptops were stolen in 2005, says Absolute Software. FBI stats show that 97% of stolen computers aren't recovered. More than half of identity theft-related data breaches stem from theft or the loss of a laptop or storage device, according to Symantec.

Yet most companies aren't locking down every laptop as if they knew one was likely to go missing. That indifference might make sense for some--maybe the data isn't worth the price of securing the computer. But for the majority of companies that will end up putting sensitive data on these machines, there are no excuses. The options for securing laptops aren't perfect, but they're expanding and in many cases getting more practical for broader use. From biometrics to encryption to smarter chips, companies should be regularly reassessing their laptop lockdown strategy.

AUTHENTICATION
Who's Signing On?
BIOMETRICS is one of those intriguing ideas that everyone's familiar with but hardly anyone actually uses. Several advancements might chip away at the obstacles that have kept this a niche application. Foremost is making biometrics easier to use.

If a biometric device isn't built into a laptop, it's not practical. Do you want to tell execs they need to carry a USB-based fingerprint reader or iris scanner along with their power brick, phone charger, cell phone, and iPod?

Make a face: Bioscrypt's 3-D camera can tell who's who, but it's best for desktop security

Laptops from Dell, Fujitsu, Hewlett-Packard, Lenovo, Toshiba, and others now include fingerprint readers as either a standard feature or an option. Lenovo, for instance, last October introduced ThinkPad laptops that include a fingerprint reader and related Utimaco software to authenticate users. Lenovo also started offering on some models Softex's OmniPass software, which IT departments can use to apply the fingerprint data and passwords to enforce security policies. Replacing passwords has productivity as well as security appeal, says Stacy Cannady, a security product manager at Lenovo, because it can cost $100 an employee a year to reset passwords.

There's less activity beyond fingerprints. Bioscrypt last week introduced a USB-pluggable 3-inch, 3-D face-recognition camera that can authenticate computer users. Bioscrypt's background is in fingerprint biometrics, and it added face imaging and recognition technology with its A4Vision acquisition in March. But face recognition isn't very portable because it relies on an external camera, so it has the same problem other biometrics options do. Unless it's integrated into a laptop like a Webcam, it will remain mostly for authenticating desktop PC users. Another limitation is that to use the system, a person must undergo a digital face measurement, using a 40,000-point infrared mesh grid.

The next area of focus for laptop makers is to make biometrics more intuitive, because "if security becomes a burden, people will bypass it," says Shab Madina, product marketing manager for HP's Personal Systems Group. HP software includes a Biometric Touch-To-Action feature that launches a registration page when a user touches a fingerprint reader, instead of requiring the user to go through various menus.

Mass adoption will be slow going. A typical company might replace a laptop every three years, and most aren't likely to speed that up just to get built-in biometrics.

SMART CARD READERS also are becoming more common on business PCs. HP made them standard on many business laptops last year. Most laptop makers either have smart card readers built in or can support them via a PC card slot or a USB slot. The cards let users store passwords and other confidential information, a feature that's popular in industries such as health care, banking, and government, says Paul Moore, senior director of mobile product marketing at Fujitsu. Usually it's part of two-factor authentication--the card plus a password or PIN users know.

For companies that want two-factor authentication but haven't issued smart cards, one-time password tokens may be a stopgap measure. They convey a new password that must be typed in, along with a permanent password, for access.

Few companies have used smart cards for PC security because it wasn't economical to have one card for PCs and one for building access, says Ed MacBeth, senior marketing VP at ActivIdentity, a provider of smart card software. Now those are converging. Advanced smart cards allow, on a single card, the storage of passwords, digital certificates, biometric templates such as fingerprints, and building-entry credentials. They also can generate one-time passwords. Look to the federal government to lead in this area, since it is in the midst of issuing such smart cards to millions of employees as part of homeland security efforts. The Department of Defense has issued more than 11 million of them, says MacBeth. The Defense Department in October contracted to use software from ActivIdentity for computer and network authentication using Java-based access cards for 3.5 million military personnel and contractors. But, unlike a finger, people lose their IDs all the time, a problem companies' help desks must be prepared for.

Vendors are pitching smart cards to secure smartphones, too. Research In Motion's BlackBerry Smart Card Reader is worn like an ID badge and prevents use of a BlackBerry if the badge is out of the device's Bluetooth wireless range. The same reader can be used to authenticate a laptop user, if the laptop has Bluetooth capability.

THE TRUSTED PLATFORM MODULE is an embedded security chip that should become increasingly important in the coming year. It's based on a standard from the Trusted Computing Group, which was formed by Advanced Micro Devices, HP, IBM, Infineon, Intel, Lenovo, Microsoft, and Sun Microsystems to push hardware-enabled security. The chip stores keys, passwords, and digital certificates, and it can be used in conjunction with portable tokens such as smart cards or biometrics to authenticate a laptop user.

The idea behind the Trusted Platform Module is that it removes some of the security from the operating system. So if someone takes out a hard drive to get around a laptop's security software, for example, he's unlikely to be able to access data because password information or encryption keys are stored with the chip. Windows Vista uses TPM as part of its BitLocker Drive Encryption feature, so TPM's importance will rise with Vista adoption.

Some businesses may have TPM chips in their laptops and not know it--about 50 million Trusted Platform Modules were sold in 2006, mostly for business computers. HP began adding TPM modules to its laptops three years ago but made it standard on many models last year. The number will rise to more than 250 million TPMs by 2010, predicts research firm IDC. The Trusted Platform Module is likely to find its way into other components. Going forward, the module could be embedded into any computing device, including smartphones.

BIOS SECURITY--basic input/output system--is the most fundamental laptop security, providing authentication through a password before the operating system boots. "If you can't get into the operating system, you can't steal data," says Fujitsu's Moore. Most laptops ship with similar BIOS password protections, so it's a matter of making sure they're set up to keep unauthorized users from changing the BIOS settings and booting up a laptop, or modifying the BIOS without administrative access. Most have management capabilities that let administrators remotely set BIOS security policies.

HP last year integrated Disk Sanitizer into the BIOS of its laptops. The feature lets a company wipe a laptop hard drive clean by writing over it multiple times before discarding the computer. HP thinks that beats reformatting the hard drive, since reformatting may not remove all data.
