Lose the Laptop, Not the Data

Portable computers and removable media like USB flash drives have freed users and sparked a growing trend toward a mobile workforce. While mobile computing offers a variety of business benefits, it also presents the challenge of protecting sensitive data on remote, roaming systems and devices.

The irony is that the very things that make notebooks, netbooks, Ultrabooks, and USB flash drives great tools for working on the go also make them easily lost or stolen. These systems and devices may contain gigabytes of sensitive data. The challenge is to be able to protect the data itself even if the computer or flash drive falls into the wrong hands.

The Secret Threat

Computer security and data protection are often perceived as a battle of “us versus them.” There are trusted, authorized users within the company, and a great horde of malicious attackers “out there” trying to steal or compromise the company’s sensitive data. That perception, however, doesn’t match reality.

A Ponemon Institute study in early 2011—sponsored by Symantec—found that the leading cause of data breaches is user negligence. While incidents involving hackers infiltrating networks and stealing sensitive data certainly occur, it is much more common for mobile employees to lose a USB thumb drive loaded with customer account data, or leave a laptop loaded with hundreds of gigabytes of company information sitting in an unlocked car.

Patchwork Protection

Some data-protection solutions encrypt individual files, or designate a specific encrypted folder to house sensitive data. The problem with this approach is that it relies too much on user discretion.

In order for users to mark files for encryption or place files that need encryption into a specific folder, they must know and understand your organization’sestablished data-security and data-handling policies, and then make a judgment call on a file-by-file basis. Leaving data protection up to the user makes the data vulnerable to human error and negligence.

Another problem with file-based encryption is that it doesn’t take into account things like swap files, temporary files, hibernation files, or other transient or hidden data. You want a solution in place on your mobile devices that takes the guesswork out of the equation by securing and protecting every bit of data.

The Whole Ball of Wax

Symantec PGP Whole Disk Encryption protects the whole drive—whether it's in a laptop or a desktop computer. That way, the encrypted data is protected from unauthorized access even if the computer or device ends up in the wrong hands.

An encryption solution like Symantec PGP Whole Disk Encryption has to walk a fine line, though, to effectively protect data without getting in the way of, or adding unnecessary effort for, the user. Once a user successfully authenticates with the system, the protected data is seamlessly accessible to them, as if it weren’t even encrypted. The user doesn’t need to give the protection a second thought. What's more, PGP supports single sign-on for Windows users, meaning there's one less password to remember.

The hacker who gets ahold of a protected device, on the other hand, will have a much harder time accessing the data. That's because all the drive’s data is always stored in an encrypted state. As data is accessed, it is decrypted in memory and presented to the user. Any new files, or changes to existing files, are encrypted and written to the disk on the fly. If a laptop is stolen, the data on the drive will be useless to the attacker even if the drive is removed and placed into another system.

You can manage PGP Whole Disk Encryption for all your systems from a central console. You can deploy protection to remote systems, create and distribute data security policies, and generate reports from PGP Universal Server.

Check out Symantec PGP Whole Disk Encryption, and protect your mobile devices so that you can rest assured that your data is safe no matter what happens to the laptop that contains it.

Subscribe to the Security Watch Newsletter