This article can also be found in the Premium Editorial Download "Storage magazine: Top 15 Storage hardware and software Products of the Year 2006."
Download it now to read this article plus other related content.
If the OMB memo wasn't enough to grab the attention of IT, regulations emanating from California and rippling through dozens of states across the country are spurring companies to protect laptop data. California SB 1386 requires any organization that conducts business in the state and owns or licenses computerized personal information to notify anyone whose information might be at risk because of a breach in security. However, if the information is fully encrypted, the organization doesn't have to go through the notification process, thereby avoiding public embarrassment as well as potential liability.
When it comes to protecting data on laptops, organizations can implement full disk encryption or risk the consequences. In addition, organizations should evaluate their user-access controls, and review and enforce policies designed to protect data on laptops.
They also need to take laptop backup more seriously. Beyond simply keeping data from prying eyes, companies are beginning to recognize that data residing on laptops is valuable organizational knowledge that may not be sensitive but is too valuable to lose. For this, companies are turning to everything from remote backup for laptops and USB thumb drives, to file synchronization and backup over the network. Analysts suggest a four-layer approach to laptop data protection: policy enforcement, data backup and file synchronization, encryption and authentication (see "Four layers of laptop data protection").
|Four layers of laptop data protection|
First, organizations need to establish and enforce security policies for laptops. "Companies need to make it clear that the data on laptops is company data--valuable intellectual property that must be backed up," says W. Curtis Preston, vice president, data protection services at GlassHouse Technologies Inc., Framingham, MA.
A company policy could go so far as to define what data can be stored on laptops. "Why keep [company-sensitive] data on the laptop at all?" asks Avivah Litan, vice president and distinguished analyst at Gartner Inc., headquartered in Stamford, CT. "The only possible valid reason is a remote worker who needs that data in the field and has no access to a network," she adds, noting that the data should then be encrypted.
This was first published in February 2007