AS the number of mobile devices continues to increase, so do the challenges of securely tracking and managing them. The cost of losing a laptop can be much greater than the price of the hardware.
Analyst Gartner estimates laptop loss or theft costs a company more than $11,000 per incident and that does not account for the value of data that may have been lost or the liability the loss may create for the company.
Safeware, the largest US insurer of laptops, estimates about 600,000 laptops were stolen in 2001, up 53 per cent from the previous year. By contrast, thieves walked off with a mere 15,000 desktop computers.
The sudden increase in laptop thefts has brought the laptop security issue to widespread attention.
For example, while the FBI has the most laptops within the US Justice Department at 15,077. The top law enforcement agency also leads in the number of lost, missing or stolen laptops, with 317 in the audited period between October 1999 and January 2002.
In April 2001 the British Defence Ministry reported 205 laptops missing since 1997, most of them containing classified material.
To limit such thefts, software and hardware makers are churning out products, such as fingerprint identifiers, motion detectors, lock and cable mechanisms, and software.
University of Michigan professor Brian Noble, one of the engineers who created a new wearable system to simplify computer security, says the ZIA (Zero Interaction Authentication) system relies on the advanced encryption standard (AES) to keep data on laptops available only to their rightful users.
According to researchers, a user wears a small authentication token that links with a laptop by short-range wireless.
When the laptop needs decryption authority, it acquires it from the token, and authority is retained only as long as necessary. Up to 32Mb of cached, decrypted data can be re-encrypted within five seconds of the user's departure and restored in just over six seconds after detecting the user's return.
The ZIA system is unlike Caveo's Anti-Theft PC Card, which sounds an alarm during a theft.
Caveo's anti-theft device has a solid-state motion sensor memory, sound producing unit and micro-controller, along with two levels of password protection augmented by a motion password.
The company's proprietary software analyses the computer's motion history and, based on user-selected parameters, determines whether the unit is being carried beyond its normal perimeter, or if a theft is taking place.
A Caveo spokesman says future products will increase the capabilities of its motion sensor by combining externally referenced motion sensors.
Possibilities include ultrasonic, radio frequency, infrared, laser sensors and positioning systems, such as cellular-based location fixing and satellite-based global positioning.
In the meantime, there's a variety of anti-theft software packages on the market, including products from companies such as zTrace Technologies and ________________, which are embedded on notebook hard drives and allow systems to be tracked as soon as they are connected to the internet.
When a laptop is loaded with _________ __________ ____, tracking agent software silently connects with the company's monitoring centre whenever the device is connected to the internet. To protect data in addition to the hardware, Absolute also provides the option of deleting valuable corporate data from a stolen machine.
Absolute says its sales grew 9 per cent in 2001, and it expects growth of between 35 and 50 per cent this year.
ZTrace Basic, described as "virtual ______ for laptops", is a small program that also uses the internet to identify the location of a stolen laptop.
The invisible intelligent security application includes the software zAgent, which is hidden on the hard drive. If the laptop is reported missing, the zTrace recovery team identifies the computer's exact location.
Amsterdam-based start-up NAH6, which is about nine months old, plans to release its first product, Secure Notebook, this month.
This will run Microsoft Windows on top of Debian GNU/Linux, with the underlying Linux layer ensuring that all Windows files stored on a hard drive remain unencrypted.
NAH6, which expects to release much of its work as open-source software, will also offer a patch to the Mailman mailing list software sponsored by the Free Software Foundation, which upgrades Mailman to support encrypted mailing lists.
Traditional solutions have protected laptops from theft, but they have weaknesses such as cables and locks, which defeat the purpose of owning a portable computer - convenience and portability.
For that reason, some notebook manufacturers have begun looking at biometric user authentication.
Unlike passwords, biometric authentication blocks any attempt to use a portable computer until a fingerprint, voice, handprint, face, retina or iris is recognised by system hardware and software.
Not much larger than a postage stamp and as thin as 1.4mm, these silicon fingerprint sensor chips are composed of thousands of plates that allow highly accurate, three-dimensional readings of fingerprint contours.
The chips are now being integrated into laptops and keyboards. They capture up to 30 frames per second and prevent unauthorised access.
For example, Viridicom's BIOS Extension (VBX) requires user authentication before allowing the laptop to boot. Unauthorised users without the proper fingerprint match are locked out during the BIOS boot-up process, making it impossible to access files on the hard drive.
Furthermore, a study of IT professionals at medium and large companies shows that the value of lost or stolen laptop computers is often underestimated by as much as 1500 per cent.
The study, commissioned by Kensington Technology, a maker of computer peripherals and security products, finds that while most companies have established computer security procedures, lack of individual employee accountability often works against those measures. Initial estimates averaged $US3700 ($6790). But when the respondents were reminded to take into account all costs, including lost productivity, lost revenue, lost data and the replacement of critical data, estimates nearly tripled, to $US10,500.
"This study tells us definitely that we need to do more to ensure the security measures we develop are implemented as effectively as they should be," Kensington Technology vice-president Phyllis Grove says.
The $10,500 figure is still short of loss estimates indicated in the Computer Security Institute (CSI) and FBI Computer Crime and Security Survey, 2001, which finds the average loss per unit due to laptop theft is $US61,881.
The CSI survey finds average losses from laptop theft during the past five years range from $US32,000 to $US87,000. The highest reported losses range from $US500,000 to $US2 million.
Gartner analyst John Pescatore says there are as many lost laptops and handhelds as stolen ones, and losses and thefts will both increase.
"The biggest thing enterprises can do is to try to protect the information on the portable device by using encryption," he says. "Certainly, education of users is needed on how to avoid thefts and losses, particularly at airport security checks. But people will continue to be people and do stupid things."
Pescatore says services that put software on laptops to call for help if the laptop is stolen are of little use. Gartner has not found any of them to be effective.
Gartner's advice is to use disk encryption on all laptops along with mandatory password login, as in Windows 2000. For PDAs, add-on content encryption and boot lock software should be used.
Pescatore says there are insurance policies to minimise the financial impact of losing laptop hardware, but premiums are so steep that most enterprises self-insure.
www.caveo.com
www.ztrace.com
www.nah6.com
