In a business world threatened by negligence, regulatory compliance, sabotage, corruption and terrorists, never has corporate data been more available and less secure. Certain industry groups estimate that through 2006, 90% of mobile devices containing business information will have insufficient power-on protection and stored data encryption to withstand casual to moderate hacker attacks.
Desktop and notebook personal computers, along with PDA's and smartphones, (collectively “devices”) have become indispensable tools for business and home use. Notebooks and tablet PCs are popular business tools—approximately 55 million portable PCs will have been shipped in 2005 according to estimates. Consider that the vast amount of information on these devices is at risk in less than one minute, unless additional security measures beyond the standard Windows® login password are used.
Sensitive company and personal information is routinely stored on the hard disk drives within these devices. This sensitive information includes login information for banks and corporate systems as well as account numbers and other information necessary to use these systems. Storing such information on devices is necessary for the operation of business both in corporations and at home. However, the need to store this information creates a serious risk of identity theft if the device is lost or stolen and the information is not protected. For this reason, there is a significant need to protect the information stored on devices.
There are numerous public examples of notebooks and desktops being targeted for theft. For example, Wells Fargo alone had three separate incidents in one year where devices were stolen and information was potentially compromised—not to mention the damage done to their reputation and credibility by the publicity surrounding the thefts. Nearly 50% of the respondents to a 2004 industry study noted they had experienced lost or stolen laptops. While hardware is replaceable, a $1500 notebook can easily contain millions of dollars worth of sensitive information. In addition, regulations such as California SB-1386, Gramm-Leach-Bliley, and HIPAA dictate fines for the exposure of certain sensitive information.
The expectations for protecting information stored on a PC are quite simple—ensure that only authorized users are permitted access to sensitive information stored on the device. Of course, there are vast amounts of data on a notebook or desktop hard disk drive that need not be protected because it does not contain sensitive information. Windows® operating system (“OS”) and program files, for example, are binary files typically devoid of sensitive data. Encrypting these files—scrambling the information making it inaccessible to unauthorized users—can have catastrophic consequences. For example, corruption of an encrypted OS or program file can cause system instability and possibly prevent machine booting or user log-ins, hampering the productivity of remote or traveling employees. In addition, within corporations, there also exists a need to centrally manage the encryption parameters for a device because of the difficulty to physically access each device when encryption needs change.