Wave not mentioned but solid mainstream article from today's WSJ Online on laptop security deployment.
Svenm
More Firms Ride Wave of Mobile Security
IT Managers Adopt Encryption Technologies,
Basic Tools to Safeguard Data on Laptops
By JIM CARLTON
February 27, 2007; Page B5
The proliferation of stolen and lost laptop computers has challenged corporate information-technology managers to find new ways to protect often-sensitive data on the mobile devices.
Accounting giant Ernst & Young LLP, banker Northern Trust Corp. and health provider Kaiser Permanente are among an increasing number of companies beefing up security around their mobile computers, cellphones and personal digital assistants. Many IT managers are turning to encryption technologies that convert data into a code requiring a key held by the authorized user to translate.
Others are focusing on altering employee behavior to reduce the chances of losing a laptop or hand-held device outside the office. More computer manufacturers are installing technologies such as fingerprint readers on devices to identify authorized users. And more-basic security tools such as antitheft cables and locks are being put to greater use to protect portable equipment.
The problem has created a boom in the computer-protection industry. Tech-service giants Electronic Data Systems Corp. and International Business Machines Corp. said security of laptops and other mobile devices is one of their busiest areas.
Smaller companies, such as Pointsec Mobile Technologies, a Lisle, Ill., maker of encryption software for laptops and hand-helds, are benefiting as well. The company said its 2006 sales more than doubled to $72 million. "What's driving all of this are headlines every other week about some [laptop] breach," said Marty Leamy, president of Pointsec, a unit of Sweden's Protect Data AB.
Cost of $182 a Record
The swell of corporate activity highlights how big the problem of portable-device security has increased. Since January 2005, about 100 million records containing sensitive personal information have been breached in laptop and other computer thefts at corporations and government agencies around the U.S., according to the Privacy Rights Clearinghouse, a nonprofit consumer group in San Diego.
An August study by the Ponemon Institute, an industry consulting firm in Elk Rapids, Mich., also found that 81% of nearly 500 companies surveyed lost one or more laptop computers containing sensitive information in the previous 12 months. Ponemon said the average cost of a data breach is $182 per record, or an average of $4.8 million per breach for companies affected.
Last year children's retailer Gymboree Corp. started encrypting data on all of its laptops because of what a spokesman said was the company's desire to "be a little ahead" in terms of securing the company's computer data.
But before the encryption could be completed, three laptops were stolen from Gymboree's San Francisco headquarters, including one containing a confidential list of employees. Those laptops had been password protected, but not encrypted, Gymboree officials said.
"The idea that that information was put out there was stressful, to say the least," said Gymboree spokesman Jamie Falkowski. The laptops haven't been recovered but the encryption program has since been completed, and the company now locks all laptops in desk drawers at night, he said.
At IBM, the Armonk, N.Y., computer giant about a year ago set up a business unit dedicated to security out of its global-servicing business for the first time. EDS officials said client concerns about data security have increased since the Sept. 11, 2001, terrorist attacks.
A Breach at the VA
One of the more publicized recent incidents involved the theft of a laptop containing confidential information on more than 25 million veterans and soldiers during a burglary in May at the home of a Department of Veterans Affairs employee in Aspen Hill, Md. The computer was later recovered on the black market, and two men and a juvenile were charged in the case. In August, the VA announced that all the agency's computers would be protected with encryption software.
VA officials weren't immediately available for comment, but in an August news release, VA Secretary R. James Nicholson said the encryption system "will be a tremendous step forward in improving the safety and security of sensitive veteran information."
Similarly, Ernst & Young, of New York, ordered encryption software and password protection installed on all computers for its 30,000 employees in the U.S. and Canada in May, following a theft in Texas of a car containing a company laptop. The laptop contained data for about 243,000 customers of Hotels.com, whose parent, Expedia Inc., was being audited by the accounting firm.
Officials of Ernst & Young declined to provide details on the incident. A spokesman for Hotels.com said at the time the company "deeply regrets" the incident, and together with Ernst & Young is "committed to providing assistance and credit monitoring services for customers" whose data was on the stolen computer.
Some Common-Sense Steps
Officials at EDS, Plano, Texas, said they also are helping corporate customers outfit themselves with more basic laptop security tools, such as cables to lock the notebooks in a hotel or office. EDS and other services companies also are showing companies how they can program some hand-helds, for instance, to erase their memory when stolen. Wireless-service provider Sprint Nextel Corp., for example, offers cellphones whose data can be wiped out by a remote signal if lost or stolen.
EDS also offers suggestions to its clients on ways to avoid theft of laptops and other devices containing confidential data , including common-sense steps like not leaving a laptop in a car. "Laptops are so portable, and people tend to go everywhere with them," said Dave Morrow, chief security and privacy officer for EDS.
The extra security has its downsides. One issue is privacy. Products are coming on the market that can tell an employer exactly where his or her employee is, due to tracking software.
Write to Jim Carlton at jim.carlton@wsj.com
