Mobile Security: A Surefire Laptop Encryption Strategy

Mobile computing brings increased productivity to the enterprise, but it also opens up businesses to mobile security risks. One of the biggest problems mobile IT departments face is figuring out how to secure confidential information stored on laptops and netbooks. These mobile devices are often stolen or lost no matter how careful the owner, and it's safe to say that laptop theft and loss will continue to be an ongoing challenge for mobile device managers.

There are different security controls mobile IT can put in place to secure the private information on laptops, including personal firewalls, passwords, recovery software (e.g. LoJack for Laptops) and end-user "Rules of Behavior" explained in corporate policy. However, none of these security controls come close to providing the security that self-encrypting drives offer.

The hardware-based, self-encrypting drive solution is so effective, that I'm fairly confident that this nascent market will become a huge trend and be widely adopted in the enterprise. Here I'll outline the reasons why this strategy is so sound -- and why software-based disk encryption is not -- and will also provide an overview of the top vendors in this sector. Finally, I'll also list the types of businesses and agencies that can benefit from this mobile security approach.

In 2008, according to a study done by the Ponemon Institute, 12,000 laptops were lost in U.S. airports each week. According to DatalossDB, 20 percent of all security incidents are due to stolen laptops. When a laptop is lost or stolen, obviously all of the information on it is at risk. In addition to the owner's personal data, national security secrets, patents, original source code and authoritative records can be exposed.

If losing the laptop and information were not bad enough, nothing is more embarrassing to an organization than having to make a public announcement about it. Government agencies and publicly traded companies are required by law to report such security incidents. Laptop encryption can help enterprises avoid security risks and the associated consequences, and there are two commonly practiced approaches -- software-based disk and hardware-based disk encryption.

Software- vs. Hardware-Based Full Disk Encryption

Software-based full disk encryption is not actually new. It's been around for a few years, and while it does appear to work, it has not been adopted on a large scale. Managing software-based full disk encryption at the enterprise level is cumbersome, which is one of the reasons that it has not been widely deployed. Many users refuse to use software-based encryption and disable it after it has been setup.

One reason that users disable it is because the performance for software-based encryption is sub-optimal. Disks that are encrypted by the software have much slower throughput than disks encrypted by the hardware.

The time it takes to perform the initial encryption for a software-based full disk encryption solution takes hours. In a recent analysis done by Trusted Strategies, one software-based full disk encryption product took almost 24 hours to encrypt a 500 GB drive. In this same lab test, the software-based full disk encryption product that worked the fastest took a little over three hours. For hardware-based full disk encryption, the encryption time is virtually instantaneous.


laptop security, mobile IT, encryption, mobile computing, mobile security
12 Next