Security

Make your data self-destruct with BackStopp

Your mission, if you choose to accept it, is to prevent would-be thieves from accessing your critical data. Find out how BackStopp can help.

If you keep up with the news, then you've surely read case after case about the loss of highly confidential or sensitive data. And not lost by a power failure or poor user judgment, mind you, but by theft. When working at the local coffee shop, airport, or even in the backseat of your car, your data is not safe when it's on mobile media.

Queue the Mission Impossible music!

Your mission, if you choose to accept it, is to prevent would-be thieves from accessing your critical data. Critical data encompasses a wide range -- from bank records, social security numbers, and credit card numbers to usernames and passwords, saved session cookies for sites frequented by the CFO, and private e-mails. This data must not fall into the wrong hands, where attackers could leak it to the public or exploit it for financial gain.

You may think that data theft won't happen to you, but what about your coworkers, sales representatives, or other users of your network that holds customer private information? Can all these people keep the data they work with secure?

And don't think these risks are going away anytime soon. However, new tools have recently emerged that can potentially help protect your confidential data.

One such tool is BackStopp. This self-destructing solution ensures that a would-be thief can't recover your data.

BackStopp prides itself in its FBI-grade deletion of data that occurs before the operating system boots. The decommissioned files are part of a user-defined list, so you can specify which files BackStopp should remove if the laptop leaves its authorized zones.

BackStopp relies on several location-identifying technologies to track machines anywhere in the world, including GSM and RFID.

  • GSM: Using either an internal GSM card or external USB device, you can track if a laptop leaves a region or country. Even more important is that when the device is in a GSM network -- a much broader area than Wi-Fi -- it can receive the self-destruct command and begin decommissioning your data. This is obviously the best solution if you have the required hardware.
  • RFID: As long as the machine is near an RFID reader, the machine will continue as usual. Once it leaves this region, the machine will be decommissioned.

The leaking of private customer data can be extremely damaging to a company's reputation. Along with losing existing customers, you run the risk of losing future customers as well.

12 comments
James Brown
James Brown

Sure, it has that cool, James Bond, feel to it. However, anyone who is trying to protect REAL data (something actually sensitive and important) would quickly see through this smoke screen. As others have pointed out, step one, after stealing the laptop or whatever, is to REMOVE THE DRIVE and put it in a forensic workstation. Unless your technology is integrated into the drive hardware (and their ad says it works on existing hardware so that is out of the question) then it will not work. I think the concept of encrypting the data and only decrypting when you are within the security perimeter is much stronger. Then, no matter what happens to the data, unless you are the authorized user within the security perimeter, you are out of luck. Just my $0.02 worth. [Edit:] One other thing I forgot to mention, there is already an open-source alternative that will protect sensitive data on ANY storage device (be it hard drive, USB stick, etc.). That would be TrueCrypt. Just store your sensitive data in a TC partition or even just a file. TC can be configured to lock upon any combination of screen saver activation, on user logout, after a specified delay, and/or entering power save mode. You can also use a dongle of sorts, by storing 'key files' on a USB stick. If the USB stick is not present, you can't decrypt the data. You could also store the key files on a network server back at HQ so that the user can't access the encrypted data unless he has a (presumably encrypted through a VPN) network connection back to HQ. And again, let me emphasize this is FREE, OPEN SOURCE software so your corporate cost to protect your valuable data is exactly zilch, nada, zero.

WTRTHS
WTRTHS

What is the defined area? The work building? So if the user goes home, he can't take his laptop with him? What if he goes to visit relatives, on vacation, anywhere, and takes the laptop with him? How are you going to forbid the user from taking the laptop somewhere he doesn't need to be? You can garantuee it will happen. And what if the thief doesn't leave the area? Much better imho would be some block on demand system, if it's stolen, the owner notifies the system administrator, who gives a remote command to the affected laptop. Almost same as a credit card number. Sure, there's a time frame of vulnerability, but 100% security is an illusion. Also nice: fingerprint protection on data. Though I don't know how effective that really is.

BALTHOR
BALTHOR

Self destruct is a little negative for me.

LocoLobo
LocoLobo

I thought you were talking about wireless security at the coffee shop. My thought is that would be thieves will get smarter and pull the GSM or RFID card before booting the laptop. Then comes the tricky solution that decommisions the data if the card with the correct ID is not installed. But of course there will have to be a way to recover the data for the legimate user in case of an accident (card dies etc.). What about software that encrypts the data, then if the wrong password is used to decrypt it the data is destroyed. Yea I know! More problems.

wratholix
wratholix

even though it defeats the purpose of a 'portable' computer. a company can enforce time policies to when and where the laptop is allowed to be. It could work.. but it would be a admin's nightmare. Whose going to restore all those backups ? Probably just stacked up or sitting on that unsecured file server. If a hacker really wants your data he'll try to avoid being obvious and look where you least expect it. Plus a backup server is most probably guaranteed to be up 24/7 also making it easier to target. yet.. lets say you use the GSM solution and happily driving to your next meeting and suddenly you lose signal. Bye Bye data ? U-turn office asap? Perhaps call client and suggest some video conference and avoid data loss :P

The Scummy One
The Scummy One

this made some actual sense without thinking real hard!!!

wratholix
wratholix

First thing that comes to mind is... "nobody can decrypt the removed data except the FBI" That doesnt give me the peace of mind i want.. maybe i am less worried about someone who steals my laptop cracking every secured file etc. Atleast they will probably end up using only the email addresses they can find to hit more ppl with spam. We can keep data remote and secured but the problem becomes bandwidth. You cannot guarantee yourself decent accessibility from all locations.

zefficace
zefficace

I would take the hard drive out of the damn laptop, after removing the battery... let's see them destroy the data now! I think this is for the "laptop theif" not the "data theif", having both very different goals although they have similar methods. Just don't act stupid with your laptop.

davidabrooker
davidabrooker

According to police in the UK over 90% of laptop thefts are simply for the value of the hardware, say $100 in the pub. The person that buys it usually chances upon sensitive data rather than targets it. They then use it against the owner. Encryption is OK but not bulletproof because of passwords or dongles being with the laptop when it is stolen. Ultimately no data must be best.

LocoLobo
LocoLobo

BALTHOR is being assimilated into the culture? :)

apotheon
apotheon

What does PPL stand for?

LocoLobo
LocoLobo

I think I agree but the article was discussing preventing data theft in such a case. "passwords or dongles being with the laptop when it is stolen" No matter what you do users can't remember dozens of username/password combos. At our facility we have a walkin fridge/freezer that contains samples. It has a keypad and you have to know the secret code to get in. For several years we kept having to erase the code from above the keypad. My boss would get livid, make threats, smoke would come out his ears to no avail. Next week someone had wrote the code above the keypad, again! When we got a security camera system my boss put one of the cameras covering the walkin. We haven't had that problem since. :)

Editor's Picks