Wednesday, June 20, 2007

Locking Down Laptops Before It's Too Late

Article by Bill Watkins / CNet News
Confidential, invaluable business and personal data are at risk when laptop computers are misplaced or stolen. Companies large and small, public and private, are all at risk.

Within the past year, the Veterans Administration lost a laptop holding information on 26.5 million individuals, the Internal Revenue Service (IRS) lost or misplaced 500 laptops, and Boeing reported the theft of a laptop with files that contained Social Security numbers for more than 300,000 of its past and present employees. Unfortunately these incidents are far from unusual. During 2005, 20 percent of all banks, 18 percent of credit card companies, 13 percent of government organizations and 9 percent of health care companies reported data breaches--and that number is growing.

The real and associated costs of data breaches are staggering: In 2006, corporations that experienced a data breach spent an average of $5 million trying to recover data. Customer relationships suffer, too; among consumers that discovered their data had been lost, 20 percent terminated their relationships with the company, another 40 percent considered terminating their relationships, and 5 percent considered legal action. Clearly, something must be done before one of these breaches bankrupts a company or threatens national security.

The government has begun to address the issue with recently enacted legislation. Federal laws such as the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA) make the security of critical digital content--including the secure disposal of electronic files to end the data lifecycle--a fundamental requirement. On a state by state basis, 29 states thus far have enacted data protection legislation and 28 of these laws have provisions calling for the encryption of digital content. The flaw with current legislation is that it does not specify how to encrypt data--and that's critical. If agencies and companies encrypt their data using software, it's like locking individual car engine components–-time-consuming, expensive and fraught with failure points.

By contrast, hard drive full disc encryption is similar to a car key: it protects everything from the engine to the dashboard with a single mechanism and point of entry. Hard drive full disc encryption is straightforward; it automatically protects every bit of computer data without any human intervention. It makes any data stored on a stolen or lost notebook unreadable and unusable forever. It can also automatically "repurpose" existing laptops or deny access to data when computers reach the end of their useful life. No need to smash a drive with a hammer or use special software to wipe it clean. By simply changing the encryption key on the disc, all stored data is instantaneously rendered unreadable and unusable forever--saving both time and money.

The advantages of hard drive full disc encryption are clear; the dangers of stolen and misplaced laptops are overwhelming. To thoroughly protect sensitive information, government and business organizations must mandate hard drive full disc encryption--especially for mobile workers--to help keep data from falling into the wrong hands. The time to lock laptops down is now.