Full Disk Encryption


The Laptop Security Problem Today

Have you recently received a letter from your bank to let you know that somehow (but surely not because of their fault!) some of your personal information has been accidentally compromised, lost, stolen, or leaked? I have. That makes me (and likely you) the subject of one of the over 93 million records of personal information included in data breaches that have been tracked by the Privacy Rights Clearinghouse since 2005. That's 93,000,000 individuals (less a few unlucky souls who had the misfortune to be in more than one) in less than 2 years (http://www.privacyrights.org/ar/ChronDataBreaches.htm).

While it is definitely not a great feeling to find out that data about you has been breached, would you want to trade places with the IT professionals and CIOs at the companies who have had to write these letters? It has become part of our jobs to safeguard the personally identifiable information (PII), intellectual property (IP), and business intelligence (BI) stored in our systems, and there are growing and dire consequences for failing to do so.

These consequences tend to fall into three main areas: financial consequences, legal or regulatory compliance, and negative image and credibility (and the last two can, in turn, drive the first).

First, losing data costs money. The U.S. Department of Justice estimates that stolen IP cost enterprises $250 billion in 2004. These losses may include a loss of revenue, decreased market capitalization, or being placed at a competitive disadvantage.

Second, regulations abound. The legal framework facing a multinational corporation, for example, includes:

  • Health Information Portability and Accountability Act (HIPAA)

  • Sarbanes-Oxley Act (SBA)

  • Gramm-Leach-Bliley Act (GLBA)

  • California Senate Bill 1386

  • Securities Exchange Commission (SEC) Rule 17a

  • The Organisation for Economic Co-Operation and Development (OECD) Fair Information Practices

  • Europe's Directives on Data Protection, and the U.S. Safe Harbor Principles

  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Australia's Federal Privacy Act

Sorting through this alphabet soup is a task best left to your lawyers. But, we submit that you should realize this: if you are not already legally and morally compelled to protect this data, you soon will be. This brings some ugly fallout. It can cost a lot to become compliant, but it can cost even more to fail to do so: there are civil and criminal penalties waiting.

But, third, something even worse keeps many CEOs up at night: the dread fear of being "above the fold" on the front page of the Financial Times, as the subject of a data breach disaster. Image, reputation, and credibility all matter since they, in turn, affect everything from stock price to sales numbers. For example, one survey, way back in 2001, reported that 64 percent of online shoppers chose not to purchase from some vendors because of privacy concerns.

To be fair, there are many causes and potential causes of data breaches, but one particular risk stands head and shoulders above the rest: information workers are increasingly mobile, and hundreds of gigabytes of confidential data goes mobile with them on their company laptops. It's just too easy, in most cases, to get that information off of one of those laptops once it's been stolen or simply lost. The estimate is that every year American companies lose 600,000 laptops, sometimes stolen, but often just left in cabs and airports.

One large multinational company whispers privately that they average losing one laptop a day, just by them being left in taxis, in one city. Disasters can also befall you, such as happened to those companies who had to hire private armed security to guard their offices until the computers or data could be removed in the aftermath of Hurricane Katrina.

But no matter how they're lost, they contain the data that can make or break organizations and careers. For example, you may recall that a government employee in the Veterans' Administration thanked those who defended the country over the past few decades by bringing home a laptop containing a database full of their information, and had his home broken into. And, of course, the data wasn't encrypted. (After all, nothing says "thanks for keeping me safe" like simplifying identity theft.)

Even if you survive all of these calamities, at the end of life of your computer equipment, you still need to decommission it. That is, every computer eventually needs to have the data stored on it securely removed or completely destroyed.

The answer? Encrypt the whole bloody hard disk, and hide the key where it can't be found. That's in Vista in this new feature called BitLocker. In the rest of this chapter, we will examine how BitLocker begins to solve the laptop security problem.




Administering Windows Vista Security: The Big Surprises
ISBN: 0470108320
EAN: 2147483647
Year: 2004
Pages: 101
