A Data Loss Lesson Learned The Hard Way - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
5/5/2009
01:23 PM
Randy George
Randy George
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

A Data Loss Lesson Learned The Hard Way

I experienced what felt like a death in the family recently when my own laptop was stolen right from my office, along with all of my work, personal financial data, and most importantly to me, family photos. Being a security analyst, I felt a sense of complicity for not being better prepared for this eventuality. Don't let what happened to me happen to you. You can fight back, and on the cheap...read on.

I experienced what felt like a death in the family recently when my own laptop was stolen right from my office, along with all of my work, personal financial data, and most importantly to me, family photos. Being a security analyst, I felt a sense of complicity for not being better prepared for this eventuality. Don't let what happened to me happen to you. You can fight back, and on the cheap...read on.By most estimates, the overwhelming majority of damaging data loss happen via stolen laptops and handheld devices. And yet, most IT shops are egregiously underprepared to respond to the threat of damaging data leakage through asset theft, and that includes my own IT shop.

The first thing that occurred to me after I lost my laptop was that I had no capability to remotely destroy the data on my laptop. For most shops running Blackberry Enterprise Server, you may already be familiar with the ability to send a remote kill signal to a stolen Blackberry in the event of handheld loss.

Larger data-loss prevention (DLP) players often focus on complex content filtering technology, and those vendors do a great job at protecting intellectual property and leakage via various TCP protocols. Unfortunately, those same DLP players often lack a truly robust endpoint security feature that includes remote data destruction. Locking down physical ports is an effective way to prevent leakage, and encryption is an effective way to mitigate data loss, but neither is a full proof strategy for ensuring that when your data does fall into the wrong hands, it can be destroyed.

An effective DLP strategy, especially at small IT shops, does not require a huge capital investment. In fact, for cheap dollars, products such as Absolute Software's LoJack for Laptops provide a means to remotely track physical assets, remotely destroy data, while providing verification of such destruction at the same time for regulatory reporting purposes. Inspice offers a similar capability through its Trace laptop tracking and destruction software. Trace's integrated mapping feature allows you to watch your stolen laptop move from thief to new owner in real time, a sick and twisted form of entertainment for sure.

If you have no DLP strategy right now, consider a true bottom up approach that addresses the biggest threats first, the first of which should include a "LoJack for laptops" type of capability. As I cover various larger scale Data Loss Prevention products through a series of Rolling Reviews in InformationWeek Magazine, along with a detailed Analytics report, I'll use this forum to report back on the tools I'm selecting for my own "mini-DLP" implementation for the InformationWeek Security Labs. I'll also do a series of mini-reviews here if I come across a unique product that warrants a closer look.

If you have a success or failure story to tell about your approach to mitigating data loss via stolen hardware, please share it here.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
Get Your Enterprise Ready for 5G
Mary E. Shacklett, Mary E. Shacklett,  1/14/2020
Commentary
Modern App Dev: An Enterprise Guide
Cathleen Gagne, Managing Editor, InformationWeek,  1/5/2020
Slideshows
9 Ways to Improve IT and Operational Efficiencies in 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/2/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll