Emerging Technologies: How to secure new products


This article can also be found in the Premium Editorial Download "Information Security magazine: CISO survival guide: 18 of the best security tips."

Download it now to read this article plus other related content.

On the Horizon
New business initiatives mean new threats. Are you ready?

From January to May of this year, the Identity Theft Resource Center tracked 136 major identity thefts affecting 56 million people. According to the Ponemon Institute, 45 percent of such breaches result from missing laptops. At an average corporate cost of $182 per compromised record, why doesn't every company encrypt laptop data?

"Worldwide, about 20 percent of laptops are encrypted," says Richard Stone, vice president of marketing at mobile security vendor Credant Technologies. "A year ago, one barrier was budget, but most companies have now gotten past that. During the VA incident, envelopes alone to notify those affected cost $11 million. Encrypting that data would certainly have cost less."

Stone believes that many companies do not yet encrypt laptop data because they have not determined exactly what they must do to comply with regulations and make their organization secure. "Measure twice, cut once applies to encryption," he says.

Booting Up
Today, most companies that encrypt laptops start with a mandate. "Ten years ago, our customers made IT-initiated point decisions," says Gerhard Watzinger, CEO of SafeBoot, which also secures mobile devices. "Now, the No. 1 driver is compliance, with corporate-wide rollouts initiated at the board level."

Alexandra Kim, executive director of ISS technology at George Washington University, experienced

    Requires Free Membership to View

this firsthand.

"It's an idea we've had for years, but a 2006 board meeting gave us a turbo charge," she says. GWU then created a five-phase plan to encrypt all confidential data with Utimaco SafeGuard. "We segmented the population and did those at the top first. Our first phase covered all users who access confidential data and carry laptops. Our next phase will encrypt all desktops in departments that use confidential data."

Highmark Blue Cross/Blue Shield in Pennsylvania found motivation aplenty to encrypt thousands of laptops and desktops. "We're a DoD (Department of Defense) contractor; we're also bound by HIPAA and SOX," says Chris Kashner, desktop specialist. "We see other companies losing data and didn't want our name in the headlines."

To address those concerns, Highmark deployed GuardianEdge Hard Disk Encryption, first to laptops, then to teleworker desktops. To stop flash drive leakage, Highmark later added Pointsec Media Encryption.

This was first published in July 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: