perspective According to the FBI, two million laptops were stolen in the United States alone in 2007--equivalent to one loss every 15 seconds.
Research from data clearing house Data Loss DB shows that, of data breaches made public in 2008, 32 percent resulted from the loss or theft of laptops, mobile phones or other portable media and storage devices.
Some of those losses can be attributed to the carelessness of the owner of the device--stories abound of laptops left in taxis and USB sticks found in car parks or launderettes. Mobile devices are also attractive targets for thieves.
Such losses can cost businesses dearly. If devices fall into the wrong hands, the information they contain can be used for nefarious purposes--unless it has been protected.
Personal information about employees or customers can be used by criminals for identity theft. Other information such as intellectual property and financial records is equally prized.
The stakes are even higher if the organization is subject to regulation. Some regulators demand that when data losses concerning information that could be used to identify individuals occur, the organization responsible for the loss must notify the individuals concerned.
Obviously the answer is not to prohibit the use of all mobile devices. Instead: protect your sensitive data.
This can take many forms, from identity management and data loss prevention (DLP) tools to full-disk encryption.
Identity and access management technologies tie a user's access rights to the permissions they have been granted so that the use of confidential information can be more tightly controlled. For example, a marketing employee can be prevented from having access to the financial records of the company.
DLP tools enable organizations to detect and prevent the unauthorized use and transmission of confidential information, whether deliberately or inadvertently.
When it comes to protecting data on portable devices, DLP tools can help prevent sensitive information from being copied onto such devices in the first place and control how the information is used, such as prohibiting it from being printed or e-mailed.
While these technologies are useful, the lost or stolen data could still be read. To ensure information on portable devices is truly secure, it must be fully encrypted.
By using full-disk encryption for laptops, mobile phones and other forms of portable media, almost everything on the disk is rendered unreadable, including file names, temporary files, boot sectors and the swap space, with the exception of the master boot record, which must be left unencrypted in order for the drive to start up.
Full-disk encryption is especially important to prevent data loss as unencrypted sectors of disks can reveal confidential information, such as temporary files. Also, full-disk encryption ensures that users cannot bypass the system--files have to be saved encrypted, as there is nowhere on the disk to save anything unencrypted.
Full-disk encryption will not solve all data security woes but it provides strong levels of protection for information held on portable devices and should be considered best practice for all devices used to store data outside of the office.
Its use can help shield organizations from potential fines and reputational risks should devices be lost or stolen, and it helps organizations achieve compliance with privacy and data protection regulations. Organizations can therefore have more confidence in exploiting the benefits of remote and mobile working.
Quocirca's freely available recent report "Removing the complexity from information protection", commissioned by WinMagic, explores the options available to organizations looking to improve the security of information stored on portable devices.
It discusses the options available, including new services available in the cloud, and provides organizations with recommendations as to what they should look for when extending their data protection controls to data on devices that are all too easily lost or stolen.
Fran Howarth is principal analyst at Quocirca. She and five other analysts contribute to ZDNet Asia's sister site, Silicon.com, a regular column that seeks to demystify the latest jargon and business thinking.
Play video
There are currently no comments for this post.