
Credit Union Journal News
The two machines were among a dozen remote laptops protected by software that encrypts confidential files and “kills” the data when a machine goes missing, said Ed Cross, vp-information technology at the $365-million CU.
The Lost Data Destruction (LDD) solution, provided by Santa Clara, Calif.-based Beachhead Solutions, thus eliminates the risk of lost data, according to
Machines Never Recovered
The two machines were never recovered, Cross continued. “We would have been a lot more concerned if we hadn’t hardened our security posture and put the Beachhead solution in place a few months before the laptops were stolen. We might have had to go through a full-blown disclosure to members.
“We trust our laptop users, but we don’t trust them 100%,” he explained. That’s probably a good idea: more than one-third of the nation’s employees record their passwords either on paper or in computer files, according to Wellesley, Mass.-based Nucleus Research. Some leave behind laptops in public places or unlocked cars.
“Beachhead fell right in line with what we were looking for by continually encrypting the contents of the hard drive, without a lot of requirements of the user, and by taking some kind of action if machines are stolen.”
Via the LDD Web interface, E1 Financial enters the status of each machine, whether it is lost, stolen, checked-in, or inactive, and sets policies and rules that control what happens to the data on a missing laptop, said Marvin Solis, network manager at the credit union.
In the event a machine is lost or stolen, E1 Financial deletes all encryption keys and files, and reboots the computer constantly, rendering it unusable, said Solis.
As an additional precaution, users must log in to the host server on the Internet at least once every three days, he said. LDD warns users if they haven’t logged in, and then provides an additional one-hour grace period before it deletes the user’s encryption keys and files, Cross said.
“I’ve seen all the files deleted on a laptop when a user went on vacation, came back, and then started using the laptop without connecting to the Internet,” Cross said. “What we want to do is render the machine useless if it’s outside of our domain and control.”
Encryption keys or files are also deleted after 10 failed log-ins, Solis added.
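The rules described above (console status, the three-day check-in, the one-hour grace period and the 10 failed log-ins) can be written out as a small decision function. This is an added illustration, not Beachhead's code: the names `Laptop`, `evaluate` and `replay`, the rule that the grace period starts at the first warning, and the treatment of a rolled-back clock are assumptions, and the timeline is constructed to mirror the vacation case Cross describes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Thresholds as stated in the article.
CHECKIN_INTERVAL = timedelta(days=3)
GRACE_PERIOD = timedelta(hours=1)
MAX_FAILED_LOGINS = 10

@dataclass
class Laptop:
    status: str                           # "checked-in", "inactive", "lost" or "stolen"
    last_checkin: datetime
    failed_logins: int = 0
    warned_at: Optional[datetime] = None  # first overdue warning (assumed grace start)

def evaluate(laptop: Laptop, now: datetime) -> str:
    """Return "ok", "warn" or "destroy" for the laptop's state at `now`."""
    if laptop.status in ("lost", "stolen"):
        return "destroy"                  # admin flagged the machine in the console
    if laptop.failed_logins >= MAX_FAILED_LOGINS:
        return "destroy"
    elapsed = now - laptop.last_checkin
    # Assumption: a clock set before the last check-in counts as overdue, not fresh.
    if timedelta(0) <= elapsed < CHECKIN_INTERVAL:
        laptop.warned_at = None
        return "ok"
    if laptop.warned_at is None:
        laptop.warned_at = now            # grace period starts at the first warning
        return "warn"
    return "warn" if now - laptop.warned_at < GRACE_PERIOD else "destroy"

def replay(laptop: Laptop, events) -> list:
    """Apply (time, kind) events; kind is "use", "checkin" or "bad_login"."""
    actions = []
    for when, kind in events:
        if kind == "checkin":
            laptop.last_checkin, laptop.warned_at = when, None
        elif kind == "bad_login":
            laptop.failed_logins += 1
        actions.append(evaluate(laptop, when))
    return actions

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)       # constructed timeline: the vacation case
    back = t0 + timedelta(days=14)
    events = [(t0 + timedelta(days=2), "use"), (back, "use"),
              (back + timedelta(minutes=30), "use"), (back + timedelta(minutes=90), "use")]
    print(replay(Laptop("checked-in", t0), events))
```

A check-in during the grace hour returns the machine to "ok"; continued offline use past the hour does not.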
Beachhead is the newest layer of the credit union’s data security for laptops, which also includes secure operating systems, firewalls, BIOS passwords, finger-pad biometrics, registration and lock-downs on removable media, as well as physical security, such as cable locks.
What’s more, E1 Financial doesn’t store member data on laptops, and it automatically deletes data that may have accumulated in temporary files on hard drives. Therefore, there is very little data to lose off of a laptop in the first place, said Solis.
“We like the multi-layered approach, not just a single process or a single software suite to protect our data,” said Cross.