Rick Faulk, who we announced yesterday has joined our Board of Directors, sent us a pointer to a very interesting article in the November issue of Fast Company magazine. It included some data points that I found a bit staggering:
- A laptop is stolen every 53 seconds.
- More than 12,000 laptops disappear each week from U.S. airports alone.
- Only 3% of laptops are ever returned.
The article went on to describe some of the technologies out there for tracking and recovering stolen laptops as they come up on a network somewhere “in the wild.” This is innovate technology, and it seems like it is getting some very positive results. However, in my view, it is only a partial solution. With NxTop, we provide a similar ability to remotely “kill” a laptop and wipe away its data. This throws up some pretty big obstacles to the run of the mill thief. However, a criminal can counteract this through a variety of methods ranging in sophistication from simply not connecting the laptop to a network to pulling the hard drive out and accessing the data through other means.
For most companies, the monetary loss of the laptop itself is nearly meaningless. The two bigger concerns are security of sensitive data and lost productivity of employees due to missing data and time spent without a functioning PC. So, in addition to remote kill, we have layered additional measures such as:
- Trusted boot to protect against tampering with our virtualization layer.
- Encryption by default for all data on the laptop.
- Policy-based controls governing how often the laptop needs to “phone home.” (For example, if the laptop does not check in at least every X days, it becomes inaccessible.)
- Transparent backup of user data to the central server.
- Hardware abstraction that presents a common set of “virtual hardware” to Windows regardless of the underlying PC hardware.
None of these things is a silver bullet by itself. However, if a NxTop-enabled laptop is ever lost or stolen, the company has assurance that they have multiple measures working in concert to make it a non-event. For example, even if someone was going to take a run at cracking encryption, the ticking clock of the “phone home” policy dramatically shortens the window they have to do so. Additionally, the combination of hardware abstraction and user data backup allows IT to just pull a new PC off the shelf (even using an HP to replace a Lenovo or vice versa) and restore to a complete user-customized PC in minutes.
November 25th, 2008 at 6:45 pm
Starbucks Confirms: Missing Laptop Contains Employee Data…
Another high profile laptop theft is in the news, this time about Starbucks and a missing laptop containing data on nearly 100,000 employees.
……
December 9th, 2008 at 1:32 pm
Earlier i always thought why the hell are companys workin with full HDD encription.Since this was the matter at my last company as well , i have read a lot of information to this topic.Yes (nice post by the way),the value in $ of the hardware has a secondary priority to bigger companies , first thing is to make the data inaccessible for thievs.Just need to mention further that at my last company desktops (old IBM one , Pent III with tuned 512 RAM) were encripted as well.I do not think that employees using this machines have company relevant secret or interessting datas on their HDDs : ) But to live with a peace of mind they secured everything.(I do not spot on it , because in a cooperate LAN with much employees it can make sense)
Stay safe !