CIO.com has an article titled “Three Reasons Netbooks are Not Enterprise Ready.” One of the reasons is that “netbooks pose a security risk,” and while I agree with the arguments (and also agree with the counterarguments supplied in the article’s comments section), I do have some reservations about one quote.
I can only assume that a quote was taken out of context; otherwise, the availability of data security products–like AlertBoot endpoint encryption’s hard disk encryption–will be for naught because data security includes and requires, among many things, the right attitude.
The Quote In Question
According to the article,
“…because Sovereign is a financial institution governed closely by privacy laws, the netbooks would need to be well encrypted and secured, he [Rapp] adds.
Rapp [the Assistant VP of tech] estimates that to fully encrypt a fleet of netbooks would be costly and ‘not truly justified for such low-end devices,’ he says. ‘Therefore, we typically purchase higher-end laptops for our users that already have these necessary capabilities.'”[My emphasis]
Again, I assume that he was quoted out of context because the decision to use encryption is not, and cannot be, conditional on the price of the device: Isn’t it only logical that the legal ramifications of losing an unencrypted netbook would be the same as losing an unencrypted laptop computer? The price of hardware should not be a factor, if the point of encryption is to follow the letter of the law.
Lose a netbook with 30,000 names and SSNs, or lose a laptop with 30,000 names and SSNs; either way, it’s 30,000 people you’ll have to contact regarding a data breach. The fact that netbooks are low-end devices doesn’t mean that a data breach stemming from their loss will be any less dire than that of a lost laptop.
Also, regarding the “fleet of netbooks would be costly” remark: Encryption doesn’t cost more because it’s used on netbooks. If Mr. Rapp opts to buy 100 laptops over 100 netbooks, and decides to encrypt those before handing them out to employees, well, the cost of encryption would still be the same if he had purchased the netbooks and then had those encrypted.
So, stating that encrypting netbooks would be costly and thus “not justified” is…well, the wrong argument (unless, of course, there’s a company out there that is asking for higher encryption licensing fees when it comes to protecting netbooks. Run from them! I say).
From an information security standpoint–and from that standpoint only–if a netbook is or will be carrying sensitive data on it, encryption software is justified, no matter how low-end it is….especially if it takes the place of a laptop. I mean, I can’t see people storing less (quantity-wise) sensitive data just because they got a netbook instead of a laptop.
Related Articles and Sites: