Druva Software said it has the solution to a stolen laptop problem that researchers say costs companies a combined $2 billion a year: software that can encrypt, track down and remotely wipe sensitive data from missing machines.
Druva this week rolled out an optional SafePoint module for its inSync data backup software. SafePoint offers 256-bit AES encryption for laptop security, and uses the Global Positioning System (GPS) to track down a missing laptop and remotely wipe all the data on the machine. The software can destroy laptop data either when the device goes online, or if the user fails to correctly login to the device beyond a predetermined limit, Druva CEO Jaspreet Singh said.
“We see a lot of changes in people’s perception of data protection in laptops and mobile devices lately, and things are changing now. Twenty-eight percent of corporate data relies exclusively on laptops, and it is high time people realize that,” Singh said.
He said SafePoint only encrypts critical data from a laptop, allowing administrators to filter out a user’s personal music collection, for example. This selective backup frees up a considerable amount of data from an encryption process and concentrates on “mission-critical” data, he said. Singh said the average desktop has about 12 GB of mission-critical data of about 70 GB of total data stored.
SafePoint is available in two versions—an on-premise model that costs $15 per user and a cloud model that will cost $1 per computer per month. Singh said he expects about 80% of customers to choose the on-premise option.
According to an Intel-sponsored study released in September by the Michigan-based Ponemon Institute, a review of 329 private and public organizations estimated the average cost of a lost or stolen laptop at $49,246 per unit. It also reported that, based on survey data, those organizations lost a combined $2.1 billion during the preceding 12 months due to lost laptops.
“But it is not the replacement cost that should have companies concerned. Rather it is the data and the risk of a data breach that can have serious financial implications for companies. The cost of a data breach, as we determined in the 2009 study, represents 80% of the total cost of a lost laptop compared to 2% for replacing the computer,” researchers wrote.
The study also reported that about 46% of lost laptops carried “confidential data,” but only 30% of them had some kind of encryption in place, and about the same percentage had been backed up. Ten percent of the laptops had any anti-theft features.
Loss of critical data costs companies more than hardware
Lauren Whitehouse, a senior analyst at Enterprise Strategy Group, agrees that the biggest damage from lost laptops or mobile devices is in the loss of critical data rather than the price of the hardware.
“The mobile stuff is tough," she said. "You don’t always have people connected to the network when the backup has to happen. There are a lot more mobile users than there were a decade ago… I think it’s kind of a nuisance for IT; they don’t want to deal with the endpoint devices, because frankly they look at it and say, ‘I can just get a replacement and put my gold image on it and that’s a lot easier for me from a recovery standpoint.’ The more progressive organizations are realizing that you’ve got an 80 GB hard drive now and you’re storing a lot more critical information.”
Whitehouse said backing up crucial data on laptops can help determine what is on a lost machine. But organizations are not consistent on how to handle laptop data backup, according to ESG’s research.
“They’re starting to take steps, sometimes it’s more of a do-it-yourself, though. They’ll say, ‘Yeah, we’ll protect you, just sign up for a service or buy yourself a portable hard drive, and just expense that,’” she said. “There are other organizations that don’t want to lose control, and leave it in the hands of the end-point user.”
Brien Posey, a contributor to SearchDataBackup.com and a former CIO, said some organizations simply don’t allow data to be stored on laptops, so there’s no need to back up the machines. But many do allow storage, and leave backups to the users.
"Most of the companies that I know of that do allow employees to save data to laptops make it the end user's responsibility to back up their own data," Posey wrote in an email.
Posey said that most companies are not “behind the times” on backing up and securing laptops, but noted that there’s a problem with securing and backing up data from tablets and smart phones. Posey said the competing mobile operating systems for the devices means each device has its own proprietary API, making backup applications for one device incompatible with another.