Lost Laptops Sink Data
Computerworld - Lost backup tapes may be the IT security issue du jour, but stolen laptops are a bigger and more intractable problem. Critical business data walks out the door every day on notebook computers. Increasingly, those devices are going missing.
Laptops are easy targets because of their portability. That makes restricting physical access all but impossible. Just recently, for example, two laptops stolen from a human resources service provider put the names and Social Security numbers of Motorola employees at risk . At Wells Fargo last fall, information on thousands of the bank's borrowers was compromised when three laptops were stolen from a subcontractor . In both cases, the data wasn't encrypted.
Therein lies another problem. All too often, logical security controls that could protect data simply aren't used. While encryption provides an obvious remedy for securing backup tapes in transit, there are no easy fixes for securing those very personal mobile computing devices -- only trade-offs.
Encryption slows down performance, which may irritate power users. And employees may view biometric devices, smart cards and other access-control mechanisms as burdensome. Unfortunately, the people whose laptops have the most sensitive data tend to be the ones who have the least patience dealing with layered security.
Yet the consequences of inaction are increasingly public, thanks in part to the law known as California SB 1386, which requires companies to notify customers of data breaches. Had Wells Fargo required its subcontractor to encrypt all data, it wouldn't have had to notify customers of the theft.
Any machine that has the potential to hold sensitive data or e-mail should be encrypted. But don't bother with Windows XP's Encrypting File System. "If you know your Windows password, you know the keys to the hard drive. There are a lot of ways to hack that," says Clain Anderson, director of wireless and security at Lenovo.
Full disk encryption works better because it's transparent: Users don't have to be trained -- and trusted -- to save all their data in an encrypted folder. Most approaches use the Triple Data Encryption Standard algorithm to encrypt data, which is very secure. But the encryption keys still must reside on the disk. Some laptops, including some of Lenovo's ThinkPads, store this data on a security chip based on the Trusted Platform Module (TPM) standard.
"That gives you a gatekeeper so your passwords and digital certificates can be protected and aren't just laying around on the hard disk somewhere," says Anderson. If employees forget their password, they're locked out, but a separate administrator password can be configured for support
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!