Alcatel-Lucent 'Guardian' Locks Up Your Data

The Linux-based networking card aims to prevent data loss with hardware-powered remote check in and encryption.
Less than a week after admitting that a disk with sensitive employee information was lost or stolen, Alcatel-Lucent (Quote) today introduced a networking card designed to lock in data on laptops.

First previewed at the Demo show last February, Alcatel-Lucent unveiled the OmniAccess 3500 Nonstop Laptop Guardian at the 2007 Interop networking show in Las Vegas.

The Guardian is a Linux-based notebook PC card loaded with security software that checks against a remote server to validate that the notebook hasn't been reported lost or stolen.

Unlike local PC-based solutions, which rely on a client PC stored encryption key, OmniAccess 3500 Nonstop Laptop Guardian is controlled by a remote server that is accessed by either wired LAN (define), WLAN (define) or a wireless 3G connection.

Alcatel-Lucent officials argues this approach provides remote user data loss prevention by locking notebook data as soon as a notebook is lost, stolen or otherwise unaccounted for.

"What the product does is it solves what CIOs often refer to as the mobile blind spot... as soon as I unplug my laptop and leave the enterprise there really is a lack of visibility and control," Dor Skuler, general manager of enterprise security products at Alcatel-Lucent, told internetnews.com.

"The way the solution works is its based on a PCMCIA card with a hardened version of Linux, its own battery and a 3G modem. The benefits enterprises get are the ability to have notebook visibility and control anytime anywhere."

Here;s how it works. Users install the Guardian and turn the notebook on. The card negotiates with the central server to identify the notebook and unlocks user data and access. In case the notebook is reported lost or stolen, the central server administrator can revoke the notebook's certification and encryption keys.

At that point, the notebook's data is encrypted and the data is secured. The encryption keys don't exist on the local PC and only exist on the server, making it nearly impossible for an unauthorized entity to access the data.

Skuler explained that as long as the card is plugged in the user can still log into their machine. But there is a timer-based system on the card so the user needs to connect to the central server every X amount of time, with X being defined by the IT organization.

For example, if the user is in the mountains without any access either by wired, wireless or cellular 3G beyond the preset time period, the timer will lapse and the notebook will be locked. The user would then have to call their IT department and let them know and they need to reset in order to regain access.

In addition to the lock-down benefits provided by OmniAccess 3500 Nonstop Laptop Guardian, the card also provides improved security overall for remote users.

Instead of connecting to the public Internet over an unsecured connection, the OmniAccess 3500 Nonstop Laptop Guardian provides an automatically established VPN (define) tunnel back to the enterprise so all data transport is encrypted and secured by an enterprise's existing security policies and infrastructure.

While VPN usage is often associated with reduced access speeds, Skuler noted that with the Alcatel-Lucent solution the notebook user's performance is actually improved.

"We're taking away processing time from the notebook, with VPN tunnel processing all done on the card," Skuler said. "There is also a hardware accelerator both on the card and on the hardware appliance to compress traffic."

Though the hardware side of the equation is obviously a key part of the Guardian, software plays a key role, too. While the card is intended to run on Windows PCs, the card itself runs Linux.

This article was first published on InternetNews.com. To read the full article, click here.






Comment and Contribute

 


(Maximum characters: 1200). You have characters left.