SAS 70

Jul 6 2008   4:18PM GMT

How laptops become serial killers? – SAS70

Keith Harrell Profile: SAS70ExPERT

My business requires distribution and collection of data. Much of it resides on a centrally located server; however, there is data on the laptop that has never been transferred over to the server or that may have  been taken off the server for project work. As human beings we will never be perfect. Someone will lend access to their laptop to a friend or customer, a laptop will be lost or stolen, and an unprotected USB drive is a loaded gun just waiting to have the trigger pulled so that data can be transferred off your laptop. Laptops with sensitive data that goes unprotected, can become a media nightmare, a legal hassle and a may limit your customer retention and market growth — a serial killer that stops your business growth and the vendors that support you.


To protect data loss, we now have L0-jack services for laptops when they are stolen. The laptop can be found and once connected to a network will be shut down.But what about the ease we have to install and transfer data to others using USB drives. Even if you use a USB drive that requires a password, is that enough security? I have read recently that laptops were returned after being lost that contained sensitive data such as social security numbers for big companies – including Google. Now that they have the laptop back, is the risk over? What if the data was transferred off the laptop onto a USB drive?


Just like for the SAS70 audit, you have to perform a risk assessment to determine the controls that must be in place, and identify those that can be implemented as time permits. In the situation above, I don’t think focusing on the number of ways that data can be taken off laptops is the key to reducing risk. You should focus more on identifying the type of data that you have, mark the sensitive data, and control access to it – by limiting users, strengthening laptop controls around the sensitive data, and identifying opportunities to record transfer of sensitive data which would provide an audit trail. How are you controlling your data on your laptops?


1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Denny Cherry
    You can also look into a product called [A href=""]Laptop Cop[/A]. Using it you can not only retrieve your files, but also delete any files including ones which contain sensitive information after the laptop has been stolen. (Please note that I do work for the company which makes Laptop Cop.)
    68,410 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: