Part 2: Building an Armored Laptop
Part 2: Building an Armored Laptop.
An earlier post— The Mobile Worker’s IT Bill of Rights– summarized what is desired from secure mobile computing for corporate workers on-the-go. Any, every enterprise will benefit from lessening the burden placed on mobile workers to protect the devices that they cart around—primarily laptops—containing corporate, customer and regulatory data. This is especially true when they are untethered from the protective corporate network and connected to public WiFi. Additionally, there’s also the worry of the loss of a laptop, or still worse, having one stolen. Once freed from the ball-and-chain, these workers will be far more relaxed, productive, and effective to further the business of the enterprise.
In this part we’ll examine the state of the art of constructing a laptop operating system image that will enable these rights and empower mobile workers. Simply put: it’s not easy!.
There are several aspects to the protection of the sensitive information that resides in enterprise IT. It resides in abundance on file, database and email servers. It also resides on desktops, laptops, and mobile devices in smaller quantities—smidgens of it when compared to the quantities residing on the servers—which, though, could collectively add up to quite a bit.
The hackers are after the mother lode—the data that resides on the server—and will use any and all unwittingly offered paths to get to it. The devices used by mobile workers, when untethered from the safety controls of the network enterprise, are more susceptible for hackers to plant malware in. Once docked to the network on return to the office, such malware will probe the network and laterally move to where untold treasures lie.
Though, make no mistake, the information contained on mobile devices is sensitive—customer data and intellectual property – and is always of value to a hacker. The popularity of ransomware attacks is borne out by this fact.
The list of software and hardware solutions to protect laptops from being intruded into or just plain stolen could fill up volumes. Let’s now look at a few of the building materials that go into the construction of an armored laptop.
- Disk encryption: whether full disk or file-based, this mechanism scrambles meaningful information into garbled data so it is safe when stored. It transforms it back to meaningful data transparently when the user logs in.
- Biometric authentication: provides a strong authentication mechanism as a defensive measure against password guessing. The swipe of a finger, the laptop webcam scanning your face for a positive ID; there are multiple methods for stronger authentication.
- Anti-virus: a security application that will detect and remove virulent software being installed on it.
- Firewall: An application that allows or blocks other applications that are running on the computer. A particularly useful defense as penetration attacks are launched via WiFi networks.
- Laptop lock: An old-fashioned chain and lock that prevents someone from physically picking up your laptop and walking away with it while you grab a napkin from the café counter to mop up spilled coffee. This is provided that you don’t mind the stares from other patrons on seeing you chain your laptop to the table.
Such controls are essential to the protection of the valuable information constantly on-the-go. However, they cannot be too restrictive: blockades prevent the legitimate access and use of resources. Neither can they be too lax. The vital point to be made here is that one cannot stand still with a set of defensive measures; they have to be constantly reviewed and revised to stay relevant. How well they dig in their heels and prevent data loss when subject to the relentless offensives from determined intruders should be of serious concern to the enterprise Cyber security stakeholder.
In short, one is forever building Fort Knox—on every laptop.
Your company is not in the business of building armored laptops and other mobile devices, and, therefore, why must it get bogged down by having to become a Cyber armaments expert? There is an alternative though– a light at the end of the tunnel. More on this in the next in the series…