This has been a big issue even before the recent theft of a VA employee's laptop containing the personal information of 26 million people. Laptops, because they're mobile and used in public places, are susceptible to theft.
The best solution is to make a stolen laptop unusable by encrypting the laptop's hard drive. This makes it impossible to read or retrieve all laptop data, whether sensitive or not. Even if the hard drive is removed from the machine and reinstalled in another laptop, desktop or even test bed, the data still cannot be recovered.
A popular tool is SafeBoot N.V.'s Device Encryption, designed specifically for laptops and other mobile devices. The product is part of the company's suite of data encryption tools for various IT devices, including USB keys.
The nice thing about SafeBoot is that it requires a user ID and password before the operating system even loads. This protects users from the age-old trick of using a Linux boot disk, like Knoppix, to bypass the operating system log on credentials and access the machine.
If you require more than a user ID and password, SafeBoot can also be configured to synch with one-time password (OTP) tokens, biometrics devices or a PKI system. The tool uses RC5 and 256-bit AES encryption, and it encrypts data behind the scenes while the user is working on the laptop. This happens transparently and without affecting performance.
PGP Corp. also offers Whole Disk Encryption for Professionals, a similar product that seamlessly encrypts a laptop's or other mobile device's entire hard disk. Another popular tool is Encryption Anywhere from GuardianEdge Technologies Inc. There's also SecureDoc from WinMagic Inc., designed for Windows systems and the open source TrueCrypt that runs on both Windows and Linux platforms.
This was first published in October 2006