|
|
|
ONLINE FEATURES
Book Reviews
BW Video
Columnists
Interactive Gallery
Newsletters
Past Covers
Philanthropy
Podcasts
Special Reports
BLOGS
Auto Beat
Bangalore Tigers
Blogspotting
Brand New Day
Byte of the Apple
Economics Unbound
Eye on Asia
Fine On Media
Green Biz
Hot Property
Investing Insights
Management IQ
NEXT: Innovation
NussbaumOnDesign
Tech Beat
Working Parents
TECHNOLOGY
J.D. Power Ratings
Product Reviews
Tech Stats
Wildstrom: Tech Maven
AUTOS
Home Page
Auto Reviews
Classic Cars
Car Care & Safety
Hybrids
INNOVATION
& DESIGN Home Page Architecture Brand Equity Auto Design Game Room SMALLBIZ Smart Answers Success Stories Today's Tip INVESTING Investing: Europe Annual Reports BW 50 S&P Picks & Pans Stock Screeners Free S&P Stock Report SCOREBOARDS Hot Growth 100 Mutual Funds Info Tech 100 S&P 500 B-SCHOOLS Undergrad Programs MBA Blogs MBA Profiles MBA Rankings Who's Hiring Grads |  |
NOVEMBER 19, 2007
Data Protection for the Rest of Us New hard drives can give your computer inexpensive, government-style security
The technology needed to prevent these losses has been around for some time. But it has been hard to set up and manage, and this has limited use mainly to the federal government and industries with stringent security needs, such as health care and finance. The game is changing with the availability of easier-to-use tools, particularly disk drives with encryption hardware built in. Security experts believe the only safe way to protect data from determined snoops is with encryption based on tamper-proof hardware. Such hardware has been offered on some IBM (IBM ) or Lenovo ThinkPad models since 2001, and today the technology, known as the Trusted Platform Module, is available on most laptops designed for corporate and government accounts. Yet just because it's there doesn't mean it's used—and most of the time it isn't. I tried a system that makes data protection radically easier. It was a Latitude D830 notebook from Dell (DELL ), the first company to offer this feature. The notebook was quipped with Windows XP, a Seagate (STX ) 120-gigabyte Full Drive Encryption (FDE) hard disk, and software from Wave Systems (WAVX ). The FDE drives, available on Latitude D630 and D830 models, add $120 to the cost. Setting up the drive encryption takes about five minutes the first time you use the computer. Basically, it consists of setting administrator and user passwords, which can be the same. During the setup, you get a chance to save the passwords to a thumb drive. Do it. And make sure to store the key in a secure place, such as a safe. Once the drive is encrypted, there is—by design—no way to retrieve the information that has been stored on it without the key. Security is based on the Advanced Encryption Standard (AES), which the U.S. government uses for nonclassified communications and recommends for securing commercial data. It is possible, but unlikely, that the National Security Agency knows how to crack AES, but it's a safe bet no one else does. The data encryption is essentially invisible to the user. Because the encryption and decryption of data are handled by the drive hardware, not the main processor, there is little or no impact on performance. I noticed only two differences from a standard Windows PC. One is that you have to log in twice—the first time, simply to gain access to the drive before the laptop boots Windows. The other difference, a mild annoyance, is that for security reasons, the software disables Windows' suspend mode, which lets you resume work almost instantly after a temporary shutdown. Instead, your notebook will hibernate when you close the lid or let it sit for too long while running on batteries, and it will take a bit longer for you to resume work. Although Dell is offering the encrypted drives on laptops marketed primarily to large enterprises, the drives are simple enough for individuals or small businesses without IT departments to use. I expect Dell and other manufacturers will start offering this feature on a range of products, including PCs geared to small businesses. If you have a computer that's equipped with Trusted Platform Module hardware and that runs the Ultimate or Enterprise version of Windows Vista, you can use a different feature, called BitLocker, that encrypts all or part of a drive. It is, however, considerably more difficult to set up than the system I have described. As technology improves, excuses for not encrypting hard-drive contents are rapidly disappearing. If you have data whose loss would be costly or embarrassing—and who doesn't?—it's time to make sure that information is safe. For past columns and online-only reviews, go to Tech Maven at www.businessweek.com/technology/wildstrom.htm  By Stephen H. Wildstrom
BW MALL
SPONSORED LINKS
Get BusinessWeek directly on your desktop with our RSS feeds.
Buy a link now! Add BusinessWeek news to your Web site with our headline feed. Click to buy an e-print or reprint of a BusinessWeek or BusinessWeek Online story or video. To subscribe online to BusinessWeek magazine, please click here. Learn more, go to the BusinessWeekOnline home page  | | |
 Copyright 2007, by The McGraw-Hill Companies Inc. All rights reserved.Terms of Use | Privacy Notice |
Printer-Friendly Version
