Home > Information Security, Security > Laptop Data Security – Endpoint Encryption

Laptop Data Security – Endpoint Encryption


In today’s world, the impact of stolen laptop that is unsecured is huge! A stolen laptop with customer information and intellectual property may result in millions of dollars in compliance fines, loss of competitive advantage, brand damage and customer notification costs.

Following are the possible risks when a laptop is lost:

  • Unauthorized person getting access to confidential data
  • Confidential data can be copied from laptop to external thumb drives

Now the question is how to secure the laptops?

By following the below steps:

  • From process front, obviously you need a standard policies and procedures for securing the laptops at the organization level.
  • Full disk encryption of the complete hard disk. Opensource solution TrueCrypt serves your need and is free of cost.
    • With full disk encryption, Integrity of data is maintained
    • Confidentiality of intellectual property is ensured
  • From technology front, there are data leakage prevention software available in the market from – TrendMicro, McAfee, Symantec, RSA, CA etc
  • With full disk encryption, you need to provide a decryption password with out which the system is not going to boot up. This ensures two factor authentication, one for booting and other for network password
  • User might try to copy the data from encrypted partition to unencrypted USB drive or CD. The encryption software chosen must ensure that the file remains encrypted at the destination
  • File that is encrypted even if copied to different OS should still remain encrypted
  • There are various encryption algorithms, system should be flexible enough to allow selection of the algorithm
  • There shouldn’t be too much of performance overhead due to encryption
  • Encryption should be ensured even in Hibernate and Standby mode
Safe harbor protection
Loss of encrypted data = non-event and does not require public disclosure
McAfee has a commercial encryption solution. Good news is you also have a solution TrueCrypt in the form of open source.
TrueCrypt is a great solution, except that there isn’t any centralized management. i.e. What if the user forgets the password?
Workaround for this in TrueCrypt is that you need to replace the Header file, where as in McAfee courtesy Centralized Management this issue is addressed quite well.
McAfee solution is good but comes with a fat amount! For me TrueCrypt works great…
Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: