This summer was eventful in the world of data security, or the lack thereof, if you have followed the press. The theft of a Veterans Administration laptop computer with the personal data of thousands of Veterans, including yours truly, is a good example of this.
Luckily, the laptop was recovered and personal data was not compromised, according to the Veterans Administration’s press releases. This should be an eye-opener for all of us, because this could happen to any one of us, and in all probability, it already has.
The Threat
In the case of the Veterans Administration laptop, it was simply an analyst taking the laptop home so that he could work at home. One would normally think taking a laptop home would be low risk; however, we now know that is not true.
How about the road warriors who travel the globe on a daily basis? You have seen them, stashing their laptops side by side in the overhead bins on airliners, trains, and buses. It would be very easy for someone to accidentally grab the wrong bag, or intentionally steal the laptop.
Let’s take it a step further: how about those nifty USB flash drives that vendors are handing out like popcorn? If your users do not get them free as promotional trinkets, they are acquiring them through your purchasing department or at the local office supply store. All it takes now is a lost set of keys, or the theft or accidental loss of a laptop, and bingo, your company’s trade secrets, customer database, employee data, or any amount of other sensitive or proprietary information has been revealed.
Who is Accountable?
Now you get the picture. Think about it: should this happen in your organization, guess who is going to suffer the consequences?
It is not necessarily the end user. I can almost give you an unequivocal guarantee that the CIO and staff will be the ones answering to the CEO. After all, data security is the information technology department’s responsibility any way you slice it. If you don’t believe it, just take a look at the repercussions in the VA laptop theft incident. No fewer than four people, including the VA CSIO, joined the rolls of the unemployed as a result of this incident.
It is our responsibility to gaze into the crystal ball and determine every possible scenario and then take action to prevent it. My heart skips when I think about the road warriors as well as the folks in my organization who take work home with them. It is inevitable that thefts and losses will occur in this environment, so IT must take proactive steps to minimize or eliminate the possibility of sensitive data falling into the wrong hands as a result.
The Solution
Encrypting the data on laptops and USB flash drives is one way to mitigate the loss of laptops and flash drives. You may think this is a difficult task, but with a little thought and research you may find it is an easier task than you think. When I decided to take a hard look at encrypting data on laptops, I wanted to make sure I could automate deployment and that, once it was deployed, my help desk could easily manage the system. And last, but not least, I needed a methodology to restore data.
I looked at a number of products in the marketplace, but was intrigued by SafeBoot. SafeBoot had a product that would address my encryption needs and had the tools that met my requirement for my help desk to be able to easily administer the system.
SafeBoot is essentially a system composed of a central server and a client on each device to be protected, in my case laptops. Once the client is deployed to the device, the device communicates with and registers with the SafeBoot server. The registration process requires the user to create a password and identify something that only the user should know (e.g. city of birth) in case they forget their password in the future.
Once the registration process is completed, SafeBoot takes over and starts to encrypt all the files on the device. This is all accomplished in the background and is transparent to the end user. In the event the laptop is shut down, encryption will start up again once the laptop is powered on and booted up again.
Once SafeBoot is installed, the end user will be prompted for the SafeBoot password (the one they created during the registration process) each time the device is powered up. The laptop will not boot up until such time as the correct password is entered.
Implementing a Solution
Once I selected SafeBoot as my encryption tool, I implemented an HP DL580 server with quad processors and 8GB of RAM for the SafeBoot system to run on. I didn’t want to give my users the option to forget to install the SafeBoot client, so I decided to automate the installation. My desktop team created a Wise install package for the SafeBoot client, which could be easily deployed with my CA Unicenter software delivery system. Then, using our trusty CA inventory management system, my team identified all the laptops in our inventory.
Once all of this was accomplished, it was simply a matter of my CA administrator getting these devices in his sights and targeting the deployment to those devices the first time they showed up on the network. In between, we trained the help desk team on the product so they could respond to password reset requests.
Parting Comments
I can rest easy this weekend on that long-awaited fishing trip to the Florida Keys, because I know I have taken proactive steps to prevent sensitive data from falling into the wrong hands as a result of accidental loss or theft of company laptops.
I suggest you take similar steps so you can rest easy as well. Data security is everyone’s responsibility, but it starts and ends with the Information Technology team.
This article was first published on EnterpriseITPlanet.com.