Information technology and security officers protect their organizations from a dizzying array of dangers. Some of these are addressed by well-worn product categories – think virus protection, or firewalls – while other risks are ever-emerging.
Dale Goddard manages a product – DriveStrike – that helps businesses mitigate a growing risk category: data breach from lost and stolen devices.
“For any company in practice long enough, data breach risks eventually happen – a trusted employee quits unexpectedly before returning his computer, a laptop gets stolen, a mobile phone with customer data is lost during travel.”
When these happen, a data breach is a bigger risk to organizations than the cost of lost hardware or productivity because, as Goddard puts it, “it’s easier to get into a laptop than a data center.” The risk boils down to customer data compromise, exposure of trade secrets, and the open door to hacking.
"For any company in practice long enough, data breach risks eventually happen – a trusted employee quits unexpectedly before returning his computer, a laptop gets stolen, a mobile phone with customer data is lost during travel."
Compromised customer data – particularly when it includes personal, healthcare, or financial information – threaten a company’s brand, finances, and legal standing. Hartford Hospital paid $90,000 to the state of Connecticut over the theft of a laptop containing data on 9,000 patients.
With HIPAA, GDPR, and the CCPA (California Consumer Privacy Act) – companies face financial penalties for every compromised customer record, reporting requirements to publish the breach to customers and sometimes irreparable reputational losses. The US Health and Human Services published more than 200 breaches of healthcare providers just in the first half of 2019. “If you can’t establish that you deployed an endpoint security management solution, you have little defense against claims of neglect when loss or theft occurs,” Goddard warns.
For businesses with trade secrets to protect, employee devices are the chief pathway by which this information escapes control. According to a statistical analysis by law firm O’Melveny & Myers, over 85 percent of the time, the vector is someone the trade secret owner knows (usually an employee or a business partner).
In other cases, hackers target end-user devices as entry-ways to the company network. Saved passwords provide critical credentials, email records give hackers a whos-who, and saved WiFi passwords – well, that guy in the car in your parking lot might actually be inside your network.
The diversity of devices that employees use – and in some cases bring into the work environment – compounds the difficulty of addressing the data breach risk. It’s not enough to solve the problem on one platform if another is left out.
DriveStrike provides a device manager with a common feature set across all of an organization’s devices, including Windows, Mac, Android, iOS, and Linux. On a simple console listing all the organization’s devices, a user can:
Remote wipe: DriveStrike remote wipe is a revolutionary technology built upon their patented continuous data protection product. It is the fastest, most powerful drive wipe in the industry. DriveStrike sanitizes data and wipes not only the main drive but secondary connected drives on protected computers as well.
Remote lock: DriveStrike remote lock allows users to lock their devices remotely on demand by setting a lock PIN that must be entered to regain access.
Remote locate: DriveStrike utilizes the best of multiple approaches to determine device location. These can include GPS, WiFi triangulation, crowd-sourced Bluetooth detection, and IP address lookup. Users can initiate a locate at any time from the DriveStrike device page to get the last device fix. DriveStrike captures regular location updates for a historical record of protected device locations.
These actions can be invoked from DriveStrike’s web application, or by calling their customer service team. Protected devices report back to give the peace of mind they were completed.
DriveStrike supports managed deployment with over-the-network installation and is releasing additional features to provide enterprise control over mobile devices – which are the ones most commonly brought into the work environment by employees.
As a subscription service, DriveStrike is available for less than $1.00 per device per month when protecting multiple devices.
DriveStrike also has an offering for addressing the data breach risk posed when retiring computers. It streamlines the process of preparing computers for sale or donation by wiping their drives of company data and providing an audit report of wipe results.
DriveStrike is produced by Spearstone, the 2008 Digital IQ award winner for IT Security, with customers that include Wells Fargo, Logitech, Pearson Learning, Spacelabs, RemedyMD, and Sony. Today the company has two physical locations in the United States and virtual locations around the globe to support the DriveStrike service.
DriveStrike emerged from Spearstone’s experience consulting enterprise clients around application, data, and security needs. “After firsthand experience layering solutions to address different organizations’ risks, we built DriveStrike because we saw how health care and financial services customers lacked cost-effective solutions for a data breach.”
“Scaling a simple yet comprehensive solution to protect data and mobile devices from compromise was a challenge, considering we needed to do it on every operating system and support organizations from large enterprises to the smallest teams,” says Goddard. “We leveraged our consulting group’s experience in cloud computing, hardware, and software design, as well as their deep knowledge in data security to produce DriveStrike.”
It has proven a winning formula –the company was recently a gold medal winner in the 2019 Cyber Security Excellence Awards for Cyber Security and Secure Data Erasure, and silver medallist in Mobile Device Management and Mobile Security. Customer service contributed to customers’ responses. “When dealing with security issues, customers need the confidence of knowing they can get a person on the phone when they need to, whether it’s to get things set up correctly or to deal with an emergency situation,” Goddard observed.