Perspective: Locking down laptops before it's too late

By Bill Watkins Published: June 20, 2007 4:00 AM PDT See all Perspectives

Tools

Related Stories: Laptop theft exposes teachers to ID fraud risk
April 9, 2007; McAfee makes debut in safeguarding business data
February 5, 2007; Hard drive vanishes from VA facility
February 5, 2007; Stolen Boeing laptop held ID data on 382,000
December 14, 2006

perspective Confidential, invaluable business and personal data are at risk when laptop computers are misplaced or stolen. Companies large and small, public and private, are all at risk.

Within the past year, the Veterans Administration lost a laptop holding information on 26.5 million individuals, the Internal Revenue Service lost or misplaced 500 laptops, and Boeing reported the theft of a laptop with files that contained Social Security numbers for more than 300,000 of its past and present employees.

Unfortunately these incidents are far from unusual.

During 2005, 20 percent of all banks, 18 percent of credit card companies, 13 percent of government organizations and 9 percent of health care companies reported data breaches--and that number is growing.

Clearly, something must be done before one of these breaches bankrupts a company or threatens national security.

The real and associated costs of data breaches are staggering: In 2006, corporations that experienced a data breach spent an average of $5 million trying to recover data. Customer relationships suffer, too; among consumers that discovered their data had been lost, 20 percent terminated their relationships with the company, another 40 percent considered terminating their relationships, and 5 percent considered legal action.

Clearly, something must be done before one of these breaches bankrupts a company or threatens national security.

The government has begun to address the issue with recently enacted legislation. Federal laws such as the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA) make the security of critical digital content--including the secure disposal of electronic files to end the data lifecycle--a fundamental requirement. On a state by state basis, 29 states thus far have enacted data protection legislation and 28 of these laws have provisions calling for the encryption of digital content.

The flaw with current legislation is that it does not specify how to encrypt data--and that's critical. If agencies and companies encrypt their data using software, it's like locking individual car engine components?-time-consuming, expensive and fraught with failure points. By contrast, hard drive full disc encryption is similar to a car key: it protects everything from the engine to the dashboard with a single mechanism and point of entry.

Hard drive full disc encryption is straightforward; it automatically protects every bit of computer data without any human intervention. It makes any data stored on a stolen or lost notebook unreadable and unusable forever. It can also automatically "repurpose" existing laptops or deny access to data when computers reach the end of their useful life. No need to smash a drive with a hammer or use special software to wipe it clean. By simply changing the encryption key on the disc, all stored data is instantaneously rendered unreadable and unusable forever--saving both time and money.

The advantages of hard drive full disc encryption are clear; the dangers of stolen and misplaced laptops are overwhelming. To thoroughly protect sensitive information, government and business organizations must mandate hard drive full disc encryption--especially for mobile workers--to help keep data from falling into the wrong hands. The time to lock laptops down is now.

Biography
Bill Watkins is chief executive of Seagate.

More Perspectives

More from News.com on this story's topics: Authentication and encryption
Create an email alert | RSS feed; Security threats
Create an email alert | RSS feed; Notebooks and tablets
Create an email alert | RSS feed; Flaws
RSS feed

See more CNET content tagged:
HIPAA, laptop computer, digital content, legislation, relationship

22 comments (Page 1 of 2)

Destroying Data
by Tronman161 June 20, 2007 5:23 AM PDT: I was always taught the only 100% secure way to erase data on a disk is to smash it with the ol' hammer. Is this full disc encryption thing really that secure?; Reply to this comment View all 2 replies
Processing

Keep the data off the laptop
by fitzgm3 June 20, 2007 6:01 AM PDT: This shouldn't even be an issue. There is no reason for this data to be on a laptop in the first place. Sensitive data should be kept in a data center where a access can be controlled and tracked. Encryption is great but it provides a false sense of security. What happens when the laptop is stolen while it is running. It is akin to someone leaving the keys in the car. The best way to keep this data secure is to ensure there are no copies made out side the secured data center.; Reply to this comment View reply
Processing

Disk Encryption Speed
by garyrgilbert June 20, 2007 6:16 AM PDT: I had full disk encryption and it was slow, took forever to boot up! The technology needs to improve or the laptops need to be really fast (loads of ram) to compensate. It's frustrating when you are trying to develop software and have a slow computer/laptop!; Reply to this comment View reply
Processing

Work at Work - Physical Security
by timcoyote June 20, 2007 7:06 AM PDT: We never had this problem when we all worked at work instead of taking our laptops home and working. Our homes and cars are not as secure as the workplace and we are not security minded outside the office. I don't work at home, not ever, I go to the office, so even if I had a laptop (I save the company $ by just getting a desktop computer) it would just stay at home...I know I know, I'm old fashioned and I should take work home and work extra and ignore my kids and I should live far away from the office so I need a laptop to work weekends, but I don't. And I should take a laptop on trips so I can do work instead of focusing on whatever conference, training or meeting I traveled for, but I don't. I'm a terrible person.; Reply to this comment

Seagate is struggling a bit ...
by DecliningUSDollar June 20, 2007 10:17 AM PDT: Seagate is struggling a bit with a few issues. One issue is that HDs are, or have become a commodity, so Seagate is trying to promote this as something that will justify a $/GB; however, there likely needs to be some triggering event ... 500,000 CC numbers and names lost along with the associated identity theft. In the mean time, I'm sure that Seagate will continue backing/financing those who push legislation that will force others to buy and use their technology.; Reply to this comment View reply
Processing

You are trusted...
by euspos June 20, 2007 10:31 AM PDT: When you carry a laptop you are trusted with taking the company's data "outside" - and will have to behave like that as well. For someone traveling in sales, not having (needed) data on a laptop would be like trying to empty the ocean with a coffee cup. I had - and struggled - with full hard disk encryption (PointSec). Why on earth would you need to encrypt the OS? No, encrypt the data stored, with as a secury method as possible. Why? I had my laptop "crash" more than once. In most cases it was the MBR that got corrupted. On a "non-encrypted" disk this would have been a matter of minutes to fix. In my case, local IT staff (HP Services) were not trusted with tools to work around encryption. Laptop shipped to US HQ where not even there technicians were trusted with keys to bypass encryption. Keys needed to be obtained from overseas, and then it still took them time. All in all, I was w/o laptop for about 4 days. 4 critical days in a customer relation. A laptop in the wrong hands is just like a company car in the wrong hands. It can be a very devastating tool, even lethal. In the right hands (a trusted employee), it is a great productivity tool. Never again FULL hard disk encryption! Encrypt the data and be done with it!; Reply to this comment

Naive
by 247mark June 20, 2007 10:37 AM PDT: The law should not tell people how to encrypt their data. It is enough that the law requires encryption at all. However, to assume that the encryption will render the data useless seems naive. As we move forward, technological advances will likely require us to revisit security standards. Security of the past is no guaranty of security for the future. You'd think someone in a business of making hard drives, something so essential to information technology, would understand this.; Reply to this comment

TrueCrypt
by LuvThatCO2 June 20, 2007 11:05 AM PDT: If you dont want to do full drive encryption, there's an open-source alternative called TrueCrypt. It will create encrypted, virtual 'drives' from either unformatted space on your drive, or out of large files. I've been using it for a while on my laptop to secure my source code and email. Very easy to use, no noticable speed issues. Will it keep my data safe from the Russian intelligence service? Who knows. But it will keep it safe from just about anyone else - particularly your average street urchin who steals laptops.; Reply to this comment View reply
Processing

Kind of a self serving article..
by dargon19888 June 20, 2007 12:06 PM PDT: Here is the CEO of the hard drive manufacturer. What he would like to do is to tell everyone that by adding some additional hardware to the drive, his company can secure hard drives from divulging their secrets. Ok. Fair enough. Add to the price of the hard drive, increase the latency and read/write times all in the name of "security". Only problem, no one knows which or how much security is needed. And does this really lock down the data? What happens if the user of the computer doesn't have a password? In truth, there is no simple single silver bullet when it comes to data retention and security issues.; Reply to this comment

Users - Password
by DecliningUSDollar June 20, 2007 2:02 PM PDT: Are these the same users who cannot remember one network password?; Reply to this comment