Comments on: Locking down laptops before it's too late

Seagate CEO Bill Watkins says the flaw with current legislation is that it does not specify how to encrypt data.

[Tronman161]

Destroying Data

I was always taught the only 100% secure way to erase data on a disk is to smash it with the ol' hammer. Is this full disc encryption thing really that secure?

[dargon19888]

No.

Nothing short of physically destroying the medium is secure...

[Phillep_H]

Erasing data

You are mixing two different things.

Encryption is not erasing, it's just making it so no one else can easily read the information. Nor can you, if you forget the key.

For erasing, even a hammer /might/ not work, if you don't do a real good job. You have to figure what threat level you want to deal with, for either.

[fitzgm3]

Keep the data off the laptop

This shouldn't even be an issue. There is no reason for this data to be on a laptop in the first place. Sensitive data should be kept in a data center where a access can be controlled and tracked.

Encryption is great but it provides a false sense of security. What happens when the laptop is stolen while it is running. It is akin to someone leaving the keys in the car.

The best way to keep this data secure is to ensure there are no copies made out side the secured data center.

[jmartin724]

unfortunately...

There are entire offices in the government that use only laptops in their organization, for ease of use when traveling. IF that is their only machine, then all their work, sensitive or not, will be on it. Having a laptop is only following policy. It is easier to encrypt a laptop than to change policy from the top level of an organization.

[garyrgilbert]

Disk Encryption Speed

I had full disk encryption and it was slow, took forever to boot up! The technology needs to improve or the laptops need to be really fast (loads of ram) to compensate. It's frustrating when you are trying to develop software and have a slow computer/laptop!

[J_Satch]

I don't know how long ago...

...you used it but it is not slow now and does not require loads of ram. Maybe it's come a long way since you last used it or maybe you had to use a poor product.

[timcoyote]

Work at Work - Physical Security

We never had this problem when we all worked at work instead of taking our laptops home and working. Our homes and cars are not as secure as the workplace and we are not security minded outside the office. I don't work at home, not ever, I go to the office, so even if I had a laptop (I save the company $ by just getting a desktop computer) it would just stay at home...I know I know, I'm old fashioned and I should take work home and work extra and ignore my kids and I should live far away from the office so I need a laptop to work weekends, but I don't. And I should take a laptop on trips so I can do work instead of focusing on whatever conference, training or meeting I traveled for, but I don't. I'm a terrible person.

[DecliningUSDollar]

Seagate is struggling a bit ...

Seagate is struggling a bit with a few issues. One issue is that HDs are, or have become a commodity, so Seagate is trying to promote this as something that will justify a $/GB; however, there likely needs to be some triggering event ... 500,000 CC numbers and names lost along with the associated identity theft. In the mean time, I'm sure that Seagate will continue backing/financing those who push legislation that will force others to buy and use their technology.

[DecliningUSDollar]

edit

^higher $/GB

[euspos]

You are trusted...

When you carry a laptop you are trusted with taking the company's data "outside" - and will have to behave like that as well.

For someone traveling in sales, not having (needed) data on a laptop would be like trying to empty the ocean with a coffee cup.

I had - and struggled - with full hard disk encryption (PointSec). Why on earth would you need to encrypt the OS? No, encrypt the data stored, with as a secury method as possible.

Why? I had my laptop "crash" more than once. In most cases it was the MBR that got corrupted. On a "non-encrypted" disk this would have been a matter of minutes to fix. In my case, local IT staff (HP Services) were not trusted with tools to work around encryption. Laptop shipped to US HQ where not even there technicians were trusted with keys to bypass encryption. Keys needed to be obtained from overseas, and then it still took them time.

All in all, I was w/o laptop for about 4 days. 4 critical days in a customer relation.

A laptop in the wrong hands is just like a company car in the wrong hands. It can be a very devastating tool, even lethal. In the right hands (a trusted employee), it is a great productivity tool.

Never again FULL hard disk encryption! Encrypt the data and be done with it!

[247mark]

Naive

The law should not tell people how to encrypt their data. It is enough that the law requires encryption at all. However, to assume that the encryption will render the data useless seems naive. As we move forward, technological advances will likely require us to revisit security standards. Security of the past is no guaranty of security for the future. You'd think someone in a business of making hard drives, something so essential to information technology, would understand this.

[LuvThatCO2]

TrueCrypt

If you dont want to do full drive encryption, there's an open-source alternative called TrueCrypt. It will create encrypted, virtual 'drives' from either unformatted space on your drive, or out of large files.

I've been using it for a while on my laptop to secure my source code and email. Very easy to use, no noticable speed issues.

Will it keep my data safe from the Russian intelligence service? Who knows. But it will keep it safe from just about anyone else - particularly your average street urchin who steals laptops.

[euspos]

TrueCrypt

Thanks for the tip. Will check this one out.
Used PGP in the past but was not to happy. It needs to be "invisible" and if TrueCrypt works as you say, it might fit the bill.

Open source as well, even better!

[dargon19888]

Kind of a self serving article..

Here is the CEO of the hard drive manufacturer.
What he would like to do is to tell everyone that by adding some additional hardware to the drive, his company can secure hard drives from divulging their secrets.

Ok. Fair enough. Add to the price of the hard drive, increase the latency and read/write times all in the name of "security".
Only problem, no one knows which or how much security is needed.

And does this really lock down the data? What happens if the user of the computer doesn't have a password?

In truth, there is no simple single silver bullet when it comes to data retention and security issues.

[DecliningUSDollar]

Users - Password

Are these the same users who cannot remember one network password?

[gggg sssss]

windows EFS

free, built in, encrypt just a dat apartition / volume / folder as needed - does naybody know if it is fast enough?

[hddguru]

disk drive encryption speed

Having the encryption technology in the disk drive is much faster than software solutions and is not prone to eavesdropping and keylogging attacks. Passwords are entered during computer BIOS start.

In the HDD solutions I've read about, the 3DES/AES encryption is done in hardware at full disk data rate and adds no measurable access time or latency penalties to performance, so it is transparent to the user.