So, when you leave your house – either for the day to go to work, or when you go on vacation – do you make sure to close and lock all of the doors and windows? The furniture, the TV, the sound system – if someone breaks in and gets away with any of this, it’s a hassle, but the insurance company will replace it.
But it’s the wedding pictures, the travel mementos, the family heirlooms and all that valuable content that just cannot be replaced. The anger that can result from such a loss makes us wonder what more we could have done to protect these valuable assets.
That’s why, when we leave the house, we don’t leave the doors open. We lock everything and set the alarm on.
And yet, most organizations, when they provide laptops to their end users and send them out into the world, do just that – leave the doors wide open. There still seems to be a lot of the “that can’t happen to me” mentality. You’re wrong. The 2010 / 2011 CSI Computer Crime and Security Survey reports that 33.5% of targeted attacks are laptop / mobile device theft.
Whether authorized or not, employees will often carry sensitive corporate data on their laptops. Recent examples from www.privacyrights.org include:
- The March 30 theft of a physician’s laptop resulted in the exposure of personal information. The physician had violated VA policy by placing the personal information on his own laptop. Veterans may have had the last four digits of their Social Security number, discharge date, and medical provider name exposed.
- A Boston Children’s Hospital employee misplaced an unencrypted laptop during a conference in Buenos Aires. It contained the names, dates of birth, diagnoses, and treatment information of patients were exposed.
- A laptop went missing from a physician’s office sometime between March 16 and March 20 of 2012. The laptop contained patient outcomes data from patients in the adult ICU from 2000 to 2008. Patient names, race, age, dates of admission and discharge from the Intensive Care Unit, and results of treatment may have been exposed.
- January 23, 2014: a major medical information breach comes to light – an unencrypted laptop is lost that contains private information for 620,000 Albertans. “The database and the laptop were both password protected but the laptop hard drive was not encrypted. The company has now put encryption software on all its laptops.” Too little, too late.
One very famous incident at the Department of Veterans Affairs ended up costing them $20 million!
Novell’s ZENworks Full Disk Encryption allows organizations to easily and transparently encrypt users’ hard drives. At the University of Minnesota Physicians, who had already been using ZENworks to manage their endpoints, the desktop administrator started encrypting drives as soon as it was released with ZENworks 11 SP2. When I asked him how that had been going, he said that users did not even realize their drives had been encrypted. Once he applied the policy, the laptop just needed to be rebooted and the drive was encrypted in the background – so far, not one user had complained about any impact on performance.
How easy is it? Just create a policy:
Then set up the encryption you want:
And finally, associate the policy with individual workstations, workstation groups, or even users:
It took – literally! – about 2 minutes to create this policy and associate it. Nothing to deploy to the workstations: ZENworks uses one single agent for all of its functionality.
Coupled with ZENworks Endpoint Security Management, you can ensure that any sensitive data is properly protected and accounted for when you provision your users with laptops.
Some reminders about ZENworks:
- ZENworks is not dependent on a Novell infrastructure – it also integrates natively into Microsoft/AD environments!
- All components of ZENworks are managed through a single web-based console and use a single adaptive agent on the endpoints!
If you want to find out how ZENworks can help you secure your endpoints, download this document, which briefly goes over the features of ZENworks Endpoint Security Management.
