The number of companies that are switching on to mobile computing is growing day by day, and as a result the laptop is becoming an increasingly familiar part of our everyday business routine. In fact, a recent survey found that as many as 60% of companies now use laptops as their primary system.
There’s no doubt that the static office is being consigned to the scrapheap as mobile working becomes the norm in businesses across the globe. But whilst there are undoubted benefits to this new way of working, the mobile office does have its pitfalls, chief amongst which is data security.
A new threat
We’ve all read the scare stories of lost or stolen laptops and unencrypted storage devices left on public transport. But whilst there is an undoubted cost to companies’ reputations with these situations, the security threat posed by lost data is even more costly. A recent report listed the average cost of a lost or stolen laptop at $50 000 and suggested that 30% of respondents value the data on their laptop or desktop at over $25 000.
And it’s not just lost devices that are giving companies a headache. The risk of data being accessed from behind the confines of the company firewall is also a growing worry at a time when businesses are facing the ever-present threat of cyber-crime.
The problem is that whilst our working practices have changed rapidly, our security solutions have not. Companies have used the same network security technologies for the past 20 years, and these rely on building software defences in ever more complex layers. Not only is this aged and inadequate methodology struggling to cope with the ever-evolving threat of cyber-crime, but it is also being deployed to defend systems in a radically changed and evolving network environment.
Securing the system
Within the bricks and mortar of company premises, it’s very easy to secure endpoint devices and all but guarantee that machines haven’t been compromised. But, with an increasing number of mobile devices accessing data externally, it can be difficult to confirm that these have not been tampered with by a third party.
A strong foundation of trust in all endpoint devices is crucial, then, but traditional software-based systems are not able to provide this fully. There is, however, another solution. The Trusted Platform Module (TPM), a security chip attached to a computer’s motherboard, can establish automatic and transparent authentication of known network devices and users.
Because the TPM chip is physically part of the device, it is uniquely suited for creating and verifying strong device identities and ensuring only authorised access to networks. The TPM helps enforce “only known devices on my network”, and if the thieves cannot get on the network with an untrusted device, they cannot steal anything from the enterprise.
This form of in-device security offers the ideal marriage between the demands of mobile workers and the security needs of organisations. It is also already present in the vast majority of business PCs and laptops that are currently in use, which means that it’s also easy to implement. It is no surprise then that more organisations are turning to the benefits provided by adopting Trusted Computing standards.
In-device security can also provide a solution to safeguarding external drives. Self Encrypting Drives (SEDs) were one of the data security industry’s best-kept secrets, but are now being promoted by governments as a de facto standard.
Not only are they easy to use, but they also do not interfere with a computer’s performance and importantly cannot be turned off. Over the average three-year lifetime of a laptop, SED management is just a third of the cost of a software management solution.
Current network and endpoint device security is focussed on the user. But there is strong evidence that many employees switch off their company computers’ security systems, purely because of the detrimental impact they have on performance.
But what these employees fail to realise is that they are opening up company networks to cyber attack and potential data breach. SEDs are always on from the second they leave the factory, though this encryption is completely transparent to the user. To protect data from theft, the end user has to use a password. This password not only protects the data but also the media encryption keys, which means that companies can be assured that their data is safe even on a lost drive.
The point is to move the security focus from the user to the endpoint device. TPMs and SEDs provide the most robust defence of the device and ensure it is known and trusted on the network.
In a world where data protection is becoming an increasingly important concern – and one that is costing the worldwide economy up to $1 trillion a year – the adoption of TPMs and SEDs, managed by policy-based network security management software solutions, is the next step forward for organisations of all sizes.