Laptop LoJack lowdown
GCN Insider | Trends & technologies that affect the way government does IT
Search and destroy: Oakley Networks' SureFind allows administrators to erase data on a stolen laptop.
Like any legislation, the recent laws and policies mandating agency disclosure of personnel data loss are open to interpretation. There is the intent of the law, and then there are the pragmatic things an organization must do to abide by the law. In the case of data loss, an agency could, in some cases and with the right software, find some wiggle room in reporting the actual loss of data.
A couple of companies have introduced software that lets organizations keep track of whether data on a stolen notebook PC has been accessed, in effect allowing their customers to safely say (or, more important, not have to say) that data on a stolen device remains unread by the thieves. SureFind, from Oakley Networks Inc. of Salt Lake City, can report on whether or not data on a purloined computer has been viewed and even erase any remaining sensitive data. Computrace Data Protection, from Absolute Software Corp. of Vancouver, British Columbia, offers similar functionality.
We spoke with Tom Bennett, vice president of marketing for Oakley, to find out how SureFind works. Each notebook contains a monitoring program that, in conjunction with an alteration to the firmware, monitors all user activity on that device. It also checks in regularly with a server within the organization's network. Should the unit be stolen, an administrator can issue commands from the server to the stolen notebook to erase all of its data and file a report on what materials have already been accessed.
Of course, this setup assumes that the stolen notebook is connected to the Internet at some point after the theft. And Bennett admits SureFind offers no resistance to serious espionage, in which someone deliberately steals a notebook specifically for the data, cracks the password and fetches the data in an isolated environment.
Rather, the software helps verify that in cases where the notebook was stolen for cash value or simply lost, the data was not accessed, thus relieving the agency of the embarrassing obligation to publicly report stolen data. So while agencies can reduce the number of 'false positives,' as Bennett put it, they still face the problem of securing data against real threats, a far more difficult problem.