This has been a big issue even before the recent theft of a VA employee's laptop containing the personal information of 26 million people. Laptops, because they're mobile and used in public places, are susceptible to theft.
The best solution is to make a stolen laptop unusable by encrypting the laptop's hard drive. This makes it impossible to read or retrieve all laptop data, whether sensitive or not. Even if the hard drive is removed from the machine and reinstalled in another laptop, desktop or even test bed, the data still cannot be recovered.
A popular tool is SafeBoot N.V.'s Device Encryption, designed specifically for laptops and other mobile devices. The product is part of the company's suite of data encryption tools for various IT devices, including USB keys.
The nice thing about SafeBoot is that it requires a user ID and password before the operating system even loads. This protects users from the age-old trick of using a Linux boot disk, like Knoppix, to bypass the operating system log on credentials and access the machine.
If you require more than a user ID and password, SafeBoot can also be configured to synch with one-time password (OTP) tokens, biometrics devices or a PKI system. The tool uses RC5 and 256-bit AES encryption, and it encrypts data behind the scenes while the user is working on the laptop. This happens transparently and without affecting performance.
PGP Corp. also offers Whole Disk Encryption for Professionals, a similar product that seamlessly encrypts a laptop's or other mobile device's entire hard disk. Another popular tool is Encryption Anywhere from GuardianEdge Technologies Inc. There's also SecureDoc from WinMagic Inc., designed for Windows systems and the open source TrueCrypt that runs on both Windows and Linux platforms.
Dig Deeper on Two-factor and multifactor authentication strategies
Related Q&A from Joel Dubin
Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums ... Continue Reading
Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good ... Continue Reading
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ... Continue Reading