Laptop Lockdown Time

Though the mobility trend and its related technologies give an enterprise work force more flexibility and enable on-demand business opportunities, they also pose a new set of security concerns that vendors and solution providers are just beginning to tackle.

As wireless-enabled notebook computers become more prevalent in the enterprise, companies and VARs building solutions for them must be concerned with the fate of confidential corporate information stored on those notebooks, especially when users are accessing unsecured wireless networks, said John Marks, CEO of VAR JDM Infrastructure, Rosemont, Ill.

“This is a significant issue that will need to be addressed in short order,” Marks said. “I don’t think corporate accounts that have these large budgets for wireless initiatives are taking into consideration the potential for hackers and [the fate of] proprietary information going over the airwaves. Absolutely, they should be.”

Indeed, abuse of wireless networks cost businesses in the United States more than $10 million last year, according to a joint study by the Computer Security Institute (CSI) and the FBI. These figures are especially daunting because 47 percent of all U.S. vertical industries said they would make use of mobile applications and services via mobile devices such as notebooks and PDAs in 2004, according to a recent study by Forrester Research.

Theft of notebook computers—and, consequently, the information stored on them—also is a problem that is costing corporations a substantial amount of money, studies indicate. According to the CSI-FBI report, this security problem cost U.S. companies more than $6 million in 2004.

id
unit-1659132512259
type
Sponsored post

To do their part to manage these concerns and others that surround notebook mobility, vendors such as IBM, Hewlett-Packard and Toshiba are building new security technologies into their computers to help ensure that information is protected even when users access unsecured wireless networks outside the office.

FACTS AND FIGURES

Dollar amount of losses due to notebook/wireless security risks

\

>> System Penetration:

$901,500

>> Unauthorized Access:

$4,278,205

>> Laptop Theft:

$6,734,500

>> Abuse Of Wireless Network:

$10,159,250

>> Theft Of Proprietary Info:

$11,460,000Source: Computer Security Institute, CSI/FBI 2004 Computer Crime and Security Survey

In addition, the vendors are making it more difficult for thieves to retrieve any information from notebook hard drives in the event laptops are stolen from a company.

To encrypt hard-drive data on notebooks, IBM, HP and Toshiba all implement the Trusted Platform Module—known as TPM—a chip that encrypts anything stored on a notebook so the files cannot be read if by chance a hacker gains access to information on an unsecured wireless network.

“In order to get access to an encrypted file, a person would have to provide credentials for the embedded chip,” said Matt Wagner, manager of product marketing for Palo Alto, Calif.-based HP’s Worldwide Mobile Business Unit. “If they’re unable to do that, obviously access to that file would be disallowed.”

Carl Pinto, director of product development for Irvine, Calif.-based Toshiba’s Digital Products Division, noted that while adding technology to hardware protects users when they access unsecured wireless networks, there are other facets of a larger security solution that also can protect notebooks from infiltration.

For example, both Pinto and HP’s Wagner said solution providers should always encourage companies to implement VPNs and require that corporate users sign in to them to access any company information to better protect that data.

“If part of [a company’s] mobility strategy is enabling its user base to access the corporate network remotely from unsecured networks, you absolutely want to take advantage of technologies such as virtual private networking,” Wagner said.

Notebook vendors also are employing a host of new technologies to protect information on a laptop if that computer is stolen. One of the latest technologies—one previously found only on spy shows such as “Alias”—is biometrics fingerprinting, which both IBM and Toshiba have rolled out for some of their enterprise-class notebooks.

This technology ties a user’s fingerprint to a password so only the person with that fingerprint can access a machine, said Clain Anderson, program director of security and wireless for Armonk, N.Y.-based IBM’s Personal Computing Division.

Notebook vendors also are employing BIOS passwords that put a security key in the physical firmware of a notebook’s hard drive so there is no way a thief can get access to the information on the machine unless he or she knows the password, according to Toshiba’s Pinto.

This method is so secure, he said, that the corporate IT group of a company utilizing this feature on notebooks can’t even crack the hard drive if they forget the BIOS password. “We advise IT groups that if they forget the password, there is no way the data can be accessed,” Pinto said.