Full Disk Encyption doesn't protect against
a powered on, logged in laptop being stolen.
A single lost or stolen laptop costs a business an average of nearly $50,000. At least, that's the word from an Intel-sponsored study by the Ponemon Institute. That figure is based on Ponemon's recent voluntary survey of 28 US companies reporting 138 separate cases of missing laptops. Value of missing kit was mathmagically …
[quote]
Chipzilla's Vpro anti-tampering tech will save the day and make you more attractive to the opposite sex.
[/quote]
I have one of two replies
1) Are you saying I am ugly?
2) Geeks have an opposite sex? I alway thought it was uni-sex.
Now where is that knee length coat? I just had a flash of inspiration.
"Consulting firms, law firms, financial services, healthcare, pharmaceutical, education, and technology are companies which would take the biggest financial hit from a lost notebook, according to the study."
Also in the news:
- Gravity on Earth remains constant at approximately 9.8m/s/s.
- The Earth orbits the sun.
- Wealthy people don't like paying taxes.
- Health insurance companies are happy with Massachusetts' decision to force all residents to purchase health insurance from for-profit health insurance companies.
- Many states don't want casinos because gambling is bad and immoral and leads to crime (unless it's the state lottery, or dog and horse racing).
- Sponsored surveys still work backwards, beginning with "known" conclusion.
Good for amusement purposes that is. Or good as in provoking a "who makes up these numbers?" reaction.
The fact that some companies may value their (potentially) lost or exposed data at several squillion arbitrary currency units will skew the average well above a level that's meaningful for *most* of the participants in the study.
And if it's anything like the surveys I fail to avoid, people will just have made up numbers to make the pollster[1] go away....
[1] I love the ones where they read a list of options at you without showing any underastanding of what any of the words mean...
...and read "the reason it's Intel-sponsored is because the study finds Chipzilla's Vpro anti-tampering tech will save the day ".
I realised that this study has had carefully selected data. Data which makes the monetary losses seem more, so that Intel's solution looks like a panacea that will save companies money in the long term.
Mayb you could have used the following article instead:
"Intel are the latest in a long line of IT companies which fiddle with data in order to create a scare that will sell their products."
It was Verizon yesterday...
This is utter rubbish for two reasons.
1) The Data should only be "lost" if someone dosent back up there data. Not a difficult thing to do, and somthing you should always do if your carrying around that much infomation.
2) Are they trying to claim that the avrage stolen laptop is taken by someone who cares what is on it. Most theifs will look for "like bank info and stuff", but your avrage laptop stealing scrote woulden't know what to do with even that.
"..... managers and directors have the most vital data on a biz, while executives...not so much."
So, what they're saying is that middle management have all sorts of important work-related things on their machines and the execs have all sorts of important golf-related things on their machines?
Quality, sheer quality. Worth every penny that Intel spent on it for that nugget of information alone.
The cost of a lost laptop here is the replacement, less what has already been depreciated by the beancounters (although our IT budget doesnt get the "credit" for that to offset) and the time taken to fill the purchase form in.
With regard to blackmail potential, and data protection, given that its all in the hands of HMG/Phorm/our ISP using DPI etc and they regularly distribute it to World+dog, is there any point encrypting them now?
I'd use the joke icon for the 2nd part, but actually I'm not so sure now....
Unbelievable - Really who gets paid to write these articles? I want their job i'm pretty good at story telling!
If a company invests in a solid robust encryption product then all they lose is a peice of hardware... not $40,000 like the article sggests. Really who out there who steals laptops would know how to decrypt a 256bit algorithm.
Muppets...!
Just what definition of "independent research" is the Ponemon Institute using when it states on its web site that is what it specialises in. This is just a piece of research designed to come out with an answer that suites its sponsor. I've no doubt they will claim they do this research using "independent" methods which cannot be undermined by their client. However, everybody knows that's eyewash - if it had come out with results which didn't favour its sponsor, the results would not have seen the light of day. The subjects investigated will have been narrowly defined in such a way that it will invariably come out with what the sponsor wants to hear.
As usual, yet another bit of "research" that's probably most useful as toilet paper. The only reports that are "independent" are those which are not sponsored and not behoven to any particular interest group.
It doesn't matter how robust your encryption product is, 90% of users will still leave their credentials on a piece of paper in the bag (Or on a label under the laptop)
Even in an alleged secure environment (UK MoD) where only senior personel generally have laptops, it's alarming how many users do this. The weakest link in any security scenario is _always_ the human factor.
If you work in a firm with more than 2000 employees then that just doesnt happen.
The firm I used to work for basically gave the damn things away for free.
Only about 2% of our workforce actually neeeded the damn things but everyone had one ( I refused, had a BBerry instead). I go round friends that have left the firm, to fix their 'PC' and what do I find...their old company laptop! No manager ever asked for them back, too busy, didnt even care.
We'd have £400+ a day contractors turn up, they would be given a brand new £900 Dell laptop and then they would leave as a matter of course a bit later.
Where was the laptop? Where was all the data they were working on for 4 months? What was his name again?
Oh well, havent got time to worry about that, got a project to deliver!
My suggestion to make all contractors work on a Citrix platform was considered far too expensive.
So there you go, companies dont give a fig if they lose kit. There was always money to buy more. Well there was, dunno about now.
You still beleave the "beancounter" BS? My, your boss has got you well trained. Go have a look in to it. Finance will tell people how much they have to spend, then your boss will have dicided that him getting a new BMW was more important than encription. Finance don't ever get to tell people what to spend money on, only how much the company can afford to spend. They don't actualy care what the project is, its up to upper management to dicide if something is worthwile spending the money you have on somthing.
Forget stolen laptops, merely replacing one at its end-of-life is a ridiculous fiasco. Where I work, IT gets to vet all computer purchases. Consider the following scenario:
* Our IT dolts wish for all laptops to be the same. Which means they want to buy the cheapest thing that can run Office.
* They're quite tight fisted, it's as though the money comes out of their own paychecks.
Last time, it was a 5 month ordeal that had me refusing two laptops because they hadn't met the hardware specification (a 1394 port, and an Express Card slot). Countless hours were spent dredging up hardware specifications in order to "prove" that things like my (their) 1394 camera (part of a Data Acquisition System) required a 1394 port. All of this for a project prototype that took under a month to complete. I could easily believe that 50k worth of time and trouble went into getting me a suitable laptop.
Enjoy some of these excuses from your brethren.
* It isn't "fair" if we give you a "better" one.
* If we buy that for you, we'll have to buy one for everybody.
* You don't "need" 4GB of RAM.
* You don't need a bigger hard disk.
* You don't need that video card.
* You don't need an extra power supply.
* We don't allow wireless on the premises
PS no whining about not being able to use all 4 GB; because it isn't economical to buy a 3.5GB module!
In regards to that article, I reckon that yeah, when a salespuke loses a lappy with customer lists / billing information on it or something like that, well durr hurr, everyone wishes they hadn't. A little care in planning for it is all that's needed to prevent the real damage. The rest are just junk laptops that probably need replacing anyway.
Its often just a pointless bean counting exercise based on mis-trust or a fear of over spending by a few pence.
I recall one laptop being purchased (some time ago) without an RJ45 port & having to obtain one of those daft dongle things, to add to the list:
why do you need to run that
Is there another version of photoshop you can use
look what Ive found on E-bay
They only need Office SBE (with full knowledge they use power-point a lot)
duh, your arguments also apply to flat screens, the directors have to have the biggest etc
50k for a lost laptop, cobblers. Investigation, what investiagtion. It usually goes along the lines of "You were pissed again last night weren't you?" Try not to do it again and order a new one.
Besides as a software developer all I ever use a laptop for is picking up email. Now I have a blacberry I have no need for a laptop.