Delivering data security

Mobile devices will get lost, Peter Larsson, CEO of security vendor Pointsec, believes. So firms should encrypt data to stop it getting into the wrong hands

  • E-Mail
By  Diana Milne Published  May 21, 2006

|~|Larsson,-Peter-4body.jpg|~|It is advisable to limit the damage caused by the theft of mobile devices by ensuring that data on them is encrypted, Pointsec’s Larsson believes. |~|When it comes to security, many IT managers must wonder where to begin: barely a week goes by, it seems, without a new threat emerging. A recent threat IT managers were warned to beware of was the taxicab. Well, more accurately, a recent survey from Swedish mobile security firm Pointsec found that over 60,000 mobile phones, nearly 6,000 pocket PCs and just under 5,000 laptops were left behind in London taxicabs last year, meaning the data on them was vulnerable. Since another report, this one from security firm Symantec, suggested that the average laptop can hold company data valued at up to US$1million (with some holding much more — up to US$8.8million, the Symantec report suggests), that carelessness can amount to a big headache for IT administrators. “The biggest threat to companies, without question, is the risk of loss or theft of mobile devices and consequently vital information getting into the hands of the wrong people,” says Peter Larsson, CEO of Pointsec. “And if you ask most CIO’s that is currently their biggest concern,” he adds. Pointsec takes a hard-line approach to what companies should do to protect themselves against the threat of confidential and invaluable data being lost or stolen — be it in the back of a taxi, in a restaurant, at an airport, or indeed anywhere else. Educating errant employees in the art of keeping a firm grip on their mobile devices is not enough, the firm believes. Attempting to enforce rigorous company policies concerning the handling of mobile devices outside the office environment is not enough to protect confidential data. Ultimately, some such devices are always going to be lost: enterprises lose on average 1-2% of their mobile devices every year, according to Pointsec’s research. “Just educating employees is not enough,” says Larsson. So, you have to accept that some devices will be lost, or stolen, and plan on that basis. Therefore, according to Point- sec, organisations should limit the damage caused by loss or theft of mobile devices by ensuring that all data held on them is encrypted. And in order to ensure these methods are absolutely foolproof it should deploy encryption software that requires the minimum effort from employees to be effective. “Companies cannot rely on users,” said Larsson. ”They need a solution, which is totally transparent, where users can use their computers the same way as they normally do,” he continues. “Our software monitors everything you do and takes care of security, without asking any questions of the employees,” Larsson goes on to add. Pointsec offers protection for PCs, laptops, PDAs, smartphones and removable storage and is designed to work easily with both Windows- and Linux -based systems. Pointsec for PC gives full-disk encryption with access control. It is centrally managed so companies can set their security policy and end users are unable to change or adapt it. The firm claims it is easy to install, with the only change being a different log-in screen. While Pointsec made its name by providing solutions for data held on laptops, as other mobile devices hold increasing amounts of data, it has extended its offerings. Pointsec for mobile platforms protects data held on smart phones and wireless PDAs giving system wide encryption with access control. Again it is centrally managed and provides encryption support not only for system memory but also for removable storage media such as flash cards and microdrives. The solution is designed to work with most mobile operating systems, including Symbian, Windows Mobile and Palm. The software boots up automatically at sign on and can be activated using Pointsec’s PicturePIN systems — where a user’s pin is made up of a sequence of images rather than numbers. Larsson says this is an example of where the technology has been made as simple as possible for users — and as impenetrable as possible for would-be intruders. “The PicturePIN is easier to remember and a harder code to crack,” he claims. “It also means that users don’t have to remember a sequence of numbers, alongside all the others they are required to memorise nowadays. They just have to remember a sequence of images that tell a story,” he adds. The company also offers Pointsec Media Encryption — which protects both removable storage media and e-mail in transit. This latter feature is particularly important, says Larsson, as so much business correspondence is done via e-mail. “A short while ago we closed a major deal,” he says. “There was a great deal of e-mail exchange going back and forth — if that information had gotten into the wrong hands, someone could have made a lot of money out of it,” he warns. Pointsec Media Encryption provides automatic, real-time encryption that can be configured to specific needs and is designed for Windows, notebooks and laptops, desktops with USB drives, writeable CD/DVD drives and external hard drives. It can be used for portable storage media or files and folders such as e-mail attachments alongside Pointsec for PC or as a standalone product and can read memory cards encrypted with smarphones or wireless handheld devices. And since it includes on-demand decryption software, users can share information with trusted parties without having to buy additional software licences. The company claims it takes a matter of weeks to install its encryption devices — a process which includes any training requirements. “We’ve had customers deploying the solution to 40,000 cust- omers in less than three weeks,” says Larsson. “Our solution is deployable even faster than the usual commodity solutions like anti virus products. It takes less than a week, inclusive of any training that needs to be done,” he adds. “Employees hardly need any training anyway though because they don’t have to do anything differently from what they were doing before,” Larsson says. Clearly Pointsec’s no-nonsense approach to protecting data has struck a chord with companies. Its year-end financial report for 2005, showed an increase in sales for the fourth quarter of the year of 56% while sales for the company increased overall by 33% in 2005. A number of developments this year seem set to increase the company’s fortunes further.||**||Partnership vows|~|Larsson,-Peter-2body.jpg|~|Now is the perfect time to increase our focus on the growing market of smartphone technology, reveals Larsson.|~|Earlier this year it announced a strategic partnership with Japan’s Hitachi Software Engineering Company (HitachiSoft) under which HitachiSoft will distribute Pointsec for PC under the name Hibun AE Full Disk Encryption — giving Pointsec a strong footprint in the Japanese market. This month the company announced that it had attained RSA Secured Partner Programme certifications, which will help to ensure interoperability between Pointsec for PC and several RSA Security Smart card and two factor authentication solutions. Pointsec’s encryption solutions for PCs now support all RSA SecurID two-factor authentication tokens with smart card functionality. “The powerful combination of rigorous authentication to unlock encrypted information will reduce the costs and risks for companies that must protect their sensitive information from exposure either for compliance reasons or practical business reasons,” says Larsson. “We chose to partner with RSA Security because of their industry leading identity and access management technologies and we look forward to working on additional joint projects to benefit our customers for years to come,” he adds. Last month the company announced the formation of Point-sec Wireless Solutions — a self-sustained business unit within Pointsec Mobile Technologies that will be focused on bringing data encryption to wireless devices in the enterprise. It will focus on strengthening the channel for Pointsec’s data encryption software for wireless devices with wireless carriers and handset manufacturers — a market it sees as a lucrative one. The business unit will also leverage its knowledge of the wireless industry by directing future product development for Pointsec’s wireless solutions. “Pointsec has been an innovator in developing data encryption solutions for wireless devices, currently supporting more platforms and devices than anyone else in the market,” Larsson says. “With enterprise acceptance of smartphone technology growing with the rise of business-friendly applications such as push e-mail, we feel that now is the perfect time to increase our focus on this growing market,” he goes on to add. In January this year Pointsec opened its Middle East, Asia Pacific and Australia office in Dubai Internet City (DIC), becoming the first multinational organisation to run such a wide-scale operation from DIC. Larsson says the company sees the Middle East as a key strategic market — particularly as so many international companies are opening branch offices in the region and are becoming increasingly aware of the need to protect data held on their mobile devices. Last year the Middle East accounted for just 7-8% of the company’s global revenue but, claims Larsson, far bigger things are expected in the next financial year with the company already having signed a number of big names in the region. “The response here has been beyond our expectations,” he says. “Definitely we are on a growth path in this region and the biggest markets for us are technology and banking,” he continues. “What I find is that we get a lot of interest from international companies that have offices located here. These are visionary companies that like to be at the forefront of things,” he goes on to add. He added also that the company is seeing a great deal of interest from the consulting market, companies that have in their possession millions of dollars worth of confidential information about their clients. In the past year it has signed a number of major deals with customers in the region which it hopes is a sign of things to come. Its customers in the region include i-mate, First Islamic Investment Group, the Zahid Group in Saudi and the Ministry of Petroleum in Saudi. The latter, with whom Pointsec signed a deal in the first quarter of this year, represents a strong example of the increasing awareness by organisations in the region of the need to protect their data. The Saudi Ministry of Petroleum has purchased Pointsec for PCs and Pointsec Media Encryption to protect data held on laptops, USBs and CD Roms. “It makes a lot of sense for an organisation like that to protect the data held on their devices,” says Larsson. “It’s very obvious that they don’t want everybody to know where the next exploratory oil fields are or what their next pricing strategy will be. They have very valuable assets to protect and they want to stay ahead of the competition,” Larsson continues. “Oil price changes in Saudi have a huge effect on the global economy. They know they have a duty to make sure information is protected before it is lost,” he goes on to add. He describes the Ministry’s purchase of Pointsec’s encryption devices as a form of “insurance”, an approach he predicts many companies in the region will take. With the increasing focus on mobility in the workplace and with the amount of data being stored on mobile devices increasing all the time, Pointsec seems to offer a compelling solution for IT managers: at least until we all learn to be a bit more careful when getting out of that taxi. ||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code