Sidebar: The Security Challenge

Computerworld - With more than one in three users on laptops, securing mobile devices --- and the data on them -- is becoming more critical than ever. While IT can reimage a new laptop when a unit is lost or stolen, the challenge is protecting data on the missing system -- and getting it back. The major laptop vendors all offer a range of security features and options. Here are some to consider:
Authentication
Smart cards and biometric fingerprint readers can provide two-factor authentication for system access. Some laptop models, such as Lenovo's ThinkPad X series, can store passwords on a Trusted Platform Module (TPM) chip, rather than on the hard disk drive where it might be compromised.
Biometric readers have one advantage: Users never forget to bring their fingers. On the downside, biometrics have a false-rejection rate of about one in 20, says a Lenovo representative. Dell doesn't offer a biometric reader but says 20% of its enterprise notebooks have a smart card option.
Theft recovery
A stolen laptop may have sensitive data as well as data the user created since the last backup. A tracking service such as Absolute Software Corp.'s Computrace can allow remote retrieval of critical data and issue a command to erase the disk, assuming that the missing unit attaches to the Internet and the agent software can check in. Lenovo embeds the stealth Computrace client in the BIOS in its ThinkPad X series to ensure that the client can't be removed.
Encryption
Authentication schemes won't protect laptop data if the disk is removed from the system. Windows file encryption isn't sufficient, since the user log-on unencrypts the data. Other software-based disk-encryption products can be set to encrypt only specific folders, such as My Documents, or the entire disk (which can slow performance) if you'd rather not trust users to put all of their sensitive files in the right location.
Credant Technologies Inc. in Addison, Texas, offers a third option: Its Mobile Guardian can be set to encrypt specific file types, no matter where they're stored on the disk.
One potential weakness with software-based encryption is that the key may be stored on the disk. Other products can store the key in a laptop's TPM chip, which is more secure.
Encryption features could soon be integrated into the disk drive itself. Seagate Technology LLC plans to support hardware-based disk encryption in its Momentus drives later this year. The drives could be in notebooks from major manufacturers next year. Dell and IBM have recently expressed interest in theproduct for their laptops.

Read more about hardware in Computerworld's Hardware Knowledge Center.