Microsoft's BitLocker Alters the Security DynamicBy Robert Hertzberg | Posted 2006-11-20 Email Print
A feature in Vista for encrypting laptops will be embraced by enterprises but may change the game for third-party vendors.
A feature that automatically encrypts laptop hard drives will likely be the first thing security managers look at when the enterprise edition of Microsoft's new Vista operating system ships later this month. The feature, BitLocker, will intensify the spotlight on an area that has become a major concern for big companies in recent years.
In many states, an organization whose data has been breached must notify customers. It may also have to modify the customers' credit card information and offer credit card protection services. Laptop theft is one of the most common sources of compromised data, according to the Privacy Rights Clearinghouse.
"It's a real issue, and it involves real costs," says Jon Oltsik, senior analyst at the Enterprise Strategy Group, a research firm in Milford, Mass. The costs of disclosure run from $25 to $150 per breached record, he said.
Being able to say that pilfered data is encrypted is, at the very least, a better PR posture. And in some states, such as California, the disclosure requirement is lifted when the stolen laptop is encrypted.
Already, organizations that want to secure their laptops can use technology from several third-party vendors, such as PGP Corp. and Guardian Edge Technologies. Those that want a shot at actually recovering stolen computers can buy Computrace LoJack for Laptops, from Absolute Software. The technology sits in the computer's basic input/output system and helps law-enforcement officials close in when the thief logs on to the Internet.
"Why not splurge and have both [the encryption and the recovery product]?," says Absolute CEO John Livingston, who licensed the LoJack name from the firm that makes the car-recovery system. Vancouver-based Absolute had sales of (U.S.) $19.6 million in its June fiscal year, a 70 percent jump over fiscal 2005.
Microsoft's entrance into laptop security may be an alarming development for third-party vendors that don't have a unique position in the market. "There's a need for these companies while people have legacy systems" and before they get on Vista, Oltsik says. "In the long term it will be tough to compete with baked-in functionality."
Some more nimble competitors may turn their development efforts to nonWindows platforms, such as Macintoshes, or to wireless devices. The others, Oltsik suggests, will simply disappear.