Eliminating the Laptop Threat

Here's a real different take on dual-factor authentication

We used to say that the wallet was worth far less than the money it contained, that analogy simply can no longer adequately address the vast disparity between the cost of an $800 laptop and the seven-figure plus impact that loss or theft can bring.

After the fact it appears that in each case the data wasn't the target, the laptop was. We've always known the value of the data on a PC was more valuable than the PC itself, but under the current environment the ability for a lost laptop to do material damage to a firm far exceeds anything we have considered in previous decades.

Forget viruses and spyware for a moment -- not that these can be ignored, but theft is a bigger deal. In addition to loss and damage, new rules now force public disclosure of these thefts. For some institutions, this has been incredibly embarrassing. (See Laptop Theft Hits Toyota, No Wires & No Policies, and FBI Recovers Stolen Veterans Affairs Laptop.)

It would seem that the best way to address this problem is to destroy the market for stolen laptops and, as it turns out, there is a technology that can do this.

Thinking Outside the Box
A few weeks ago, Microsoft and a series of partners unveiled an initiative called FlexGo, which provided favorable leasing terms to those wanting to buy new PCs in developing countries. The problem with financing programs in the past was a combination of no financial infrastructure to handle the loans, and the inability to repossess the hardware if the payments weren't maintained. In fact, it was believed that hardware sold this way would simply lead to losses for any reseller.

To combat this, a technology called TCSubscribe was created by Phoenix Technologies which renders the hardware, either as a complete system or as components, unusable if the buyer doesn't make his payments.

Now, what if this technology was repositioned so that, were a laptop stolen, it would simply stop working and the components wouldn't work either? This would virtually eliminate any reason to steal laptops for resale and leave us with the folks that were actually taking the thing for the data. Coupled with strong encryption of the disk and good user authentication, laptops could actually become more secure than most desktop PCs.

It is interesting to note that Phoenix worked with another company, Absolute, on a similar solution years ago when few saw any value. These new disclosure rules have clearly changed the landscape.

Looking Farther Forward
Given that PC hardware vendors are in close competition to provide the most secure platform, it is my belief that, before long, we will see a solution like this. However, as we mull this probability, many have been trying to figure out a way to make the trigger event (the thing that turns the laptop into a boat anchor) near instantaneous.

That leads us to using the cell phone as part of a multi-factor authentication solution. Let's say we wed each cell phone's unique identifier with this solution, and when the laptop can no longer "see" the associated cell phone, it blanks the screen and secures access. If, after a set period of time, the user doesn't re-authenticate, the laptop goes inert until proper multi-factor authentication can be presented to unlock it.

In doing background for this piece, we discovered Phoenix had demonstrated a Bluetooth solution that would work much like we've summarized. Once again, it appeared the technology was ahead of its time, as few seemed interested.

With laptops increasingly being equipped with wide-area wireless and GPS there is an opportunity, at some future date, to have a true Lojack feature where a code could be sent to the laptop. Not only would it become inert, the machine would start broadcasting its location for quick retrieval.

One interesting feature would be to have the cell phone and laptop beep if the two devices become separated. This would help prevent folks from leaving notebooks at airport scanners or forgetting their cell phones in taxis.

Of course, if we applied ring tones to this, we could probably get cell phones and laptops that could yell for help, giving some real value to this obnoxious technology. Combined with biometrics, this could provide incredible piece of mind.

Everything I'm talking about doesn't require any new technology, only different applications of stuff that already exists. In many cases, Phoenix and others have demonstrated parts of these solutions already, and we are simply waiting for the forward looking OEMs to pick them up.

In a world that is increasingly unsecure, wouldn't it be great to truly fix one of the more visible exposures? We sure think so and hope that this kind of solution comes sooner rather than later.

— Rob Enderle is President and Founder of Enderle Group . Special to Dark Reading

  • Microsoft Corp. (Nasdaq: MSFT)
  • Phoenix Technologies Ltd. (Nasdaq: PTEC)