James Inman

About fifteen years ago, my husband and his colleague had their laptop computers stolen out of a car. A $14,000 hit to the departmental budget was a serious blow. They were fearful of reporting the incident to their boss, largely because the laptops had cost the company about $7,000 each.

And back in those days, no one gave much thought to exposure of the data on the stolen devices. Today, companies don't sweat much over the loss of the hardware, which has dramatically come down in price. My, how times have changed! The real cost of a lost laptop is in the potential or actual exposure of the data on the PC, especially if it is customer records or intellectual property. The cases represented missing or stolen computers belonging to companies in a wide range of industry classifications.

Laptop Losers Hall of Fame In April 2009, Ponemon Institute released an Intel-sponsored report entitled "The Cost of a Lost Laptop." Ponemon interviewed 29 organizations that had experienced 138 separates cases of a lost laptop that was used by an employee, temporary employee or contractor. In this study, the average value of a lost laptop is $49,246. This figure is derived from a calculation involving seven cost components, including: laptop replacement; detection and escalation; forensics and investigation; data breach reporting and mitigation; intellectual property loss; lost productivity; and other legal or regulatory costs. The top four industries with the highest average cost of a lost laptop are services, financial services, healthcare and pharmaceutical. The study reveals that the cost of a lost laptop varies greatly by industry. The bottom four industries are manufacturing, consumer products, retail and communications.

In the cases covered by this study, the occurrence of a data breach accounted for 80 percent of the total cost. Since the hardware costs don't vary much by industry, it's obvious that the data loss costs are the differential. And while the average cost is just over $49,000, it's possible for actual costs to reach much higher if the loss involves a data breach of thousands of sensitive records. The study reports that if a company becomes aware of the loss the same day it happens, the average cost is only $8,950. If it takes more than a week to discover the loss, the cost jumps to an average of $115,849. There are many other interesting - and some surprising - bits of information in this study. (See the full report here.) If your organization is looking for good statistics and other information to help you justify an investment in stronger laptop security measures, do have a look at this report. One factor in the cost of a lost laptop is how fast the company discovers and reacts to the loss.

As I mentioned, Intel Corporation sponsored this study, although Ponemon Institute conducted the research independently. Certain laptops powered by the Intel Centrino 2 chipset have a core set of technologies known as the the vPro technologies. Of course, Intel has a big interest in protecting lost or stolen laptops. One such technology is the Intel Anti-Theft Technology - PC Protection (Intel-AT), which uses a set of programmable and interdependent hardware-based triggers and responses to identify unauthorized attempts to access encrypted data or the operating system. One product you can use in conjunction with Intel-AT is the Altiris Manageability Toolkit for Intel vPro Technology from Symantec.

Third-party software products, such as those described below, can send signals to the lost laptop to disable it from use by unauthorized people. Another is Computrace from Absolute Software, which allows you to delete data on missing computers and produce an audit log of the deleted files to prove your compliance with government and corporate regulations. This BIOS update allows for the remote shut down of a lost or stolen PC when an SMS message is sent via a designated cell phone. Certain models of Lenovo ThinkPad laptops offer a technology called Constant Secure Remote Disable. This solution also requires an embedded wireless WAN card in the PC as well as a mobile communications subscription to allow the PC to receive text messages.

Should the PC turn up again, you can unlock it without loss of data. If the computer is lost or stolen, your text message will lock it down at the hardware level, turning it into a brick. SystemTrack is a managed service offered by Dell. If you report a stolen device to Dell, Dell can forensically mine the PC over the Internet using a variety of procedures. SystemTrack links with a missing PC the next time it connects to the Internet and enables IT administrators to perform data and device security activities, including deletion of sensitive data, system lockdown and emergency retrieval of key files. All the solutions I've just described take some forethought to prepare a PC before it's ever lost or stolen.

Still, as the old saying goes, an ounce of prevention is worth a pound of cure. What's more, these solutions often rely on multiple services or technologies to work just right. Perhaps a little forethought on what to do about sensitive data on a lost or stolen laptop is better than the experience of a costly data breach.

The FCC has approved a notice of proposed rule making on the subject of net neutrality, and here are a few questions and answers to help shine a light on what that means. The FCC agreed to consider what regulations, if any, to impose on ISPs about the applications and services that they allow, ban or rate limit. FCC takes first step toward net neutrality rules What exactly did the FCC do? The process calls for formally proposing rules and holding public hearings on them.

What is net neutrality anyway? A vote about the rules themselves will take place sometime next year. It is the common name for creating and preserving what the FCC calls the "open Internet". The FCC is trying to write rules that enforce six principles it says ISPs must uphold to preserve what the commission calls the "open Internet". These rules would tell ISPs to:* allow sending and receiving all lawful content.* allow all lawful applications and services.* allow all lawful devices that don't harm the network.* allow access to all network, application, service and content providers.* ensure there is no discrimination against particular lawful content, applications, services and devices.* reveal practices necessary network management that might limit the other five principles. A majority of the FCC, Google and other Internet-based companies, consumer advocacy groups and Internet luminaries such as Vinton Cerf and Tim Berners-Lee. Who wants it? They fear that without rules, ISPs will impose tiered service levels, making the top-level services so expensive as to rule out their use by innovators trying to start Internet-based businesses.

There have been cases where ISPs blocked VoIP and rate-limited peer-to-peer traffic like that used for gaming and file sharing. They are also concerned that selectively banning certain applications such as VoIP will reduce consumer choice about how to make voice calls. Who's opposed to it? They say the rules would block charging extra for premium services, the financial incentive they need to invest in network upgrades that keep traffic running smoothly. The loudest opposition comes from AT&T, Verizon and other Internet providers.

They say the rules would unfairly restrict what they call differentiating services that might justify higher rates than competitors charge. Sen. They say the consequences of net-neutrality rules would be one of two things: higher flat rates for services or paying by the byte for Internet traffic. John McCain (R-Ariz.) also has introduced a bill to block the FCC's net neutrality rules. If net neutrality prompts higher Internet access rates for all-you-can-eat ISP services, businesses would have higher ISP bills. What does it mean to businesses?

Usage-based fees might or might not increase costs to individual businesses depending on how much they use the Internet. For example, a business that sells HD video downloads over the Internet might sell less if customers have to buy premium Internet access in order to enjoy a movie. Businesses that rely on the Internet to provide services might face decreased demand if their customers are forced to buy more-expensive services in order to consume their products. What does it mean to carriers? They also say they buy into the principles of an open Internet and that no rules are needed. Carriers fear net neutrality will restrict their ability to make money off their networks to the point that they will slow the rate at which they invest in network improvements that boost Internet performance.

What does it mean to residential Internet users? Or they might shift over to billing for the amount customers download, forcing customers to think twice about what they use the Internet for. Flat monthly rates that are common now would likely remain, but ISPs might charge more for them. At the same time, they would be able to use the Internet to make phone calls without worrying that the traffic would be blocked. Without rules, ISPs are most likely to limit bandwidth hogs – gaming, streaming video - and VoIP. Many large ISPs such as AT&T and Verizon are also voice carriers, so VoIP riding the Internet is a threat to their revenue streams. The rules would have the biggest impact on what services?

The flip side is that providers of VoIP services that rely on the Internet ought not to be hindered by the ISPs.

Wipro, India's third largest outsourcer, is expanding its development center in Atlanta from 350 to 1,000 staff, reflecting a growing trend for Indian outsourcers to expand and hire locally in the U.S. market. India's largest outsourcer Tata Consultancy Services (TCS) said earlier this month that it was expanding its business alliance with The Dow Chemical Company, including setting up a services facility near the site of Dow's global headquarters in Midland, Michigan. The company said that 80 percent of its current 350 employees were hired locally, and includes recent graduates from reputable academic institutions in Atlanta, experienced professionals and retired army personnel.

TCS also announced that it was expanding a software services delivery center in the Cincinnati suburb of Milford, Ohio. Indian outsourcing companies are expanding both in India, and in the U.S., their key market, in anticipation of a pick up in business. Infosys BPO, the business process outsourcing subsidiary of outsourcer Infosys Technologies also said this month that it would acquire McCamish Systems, a BPO company in Atlanta focused on the insurance and financial services market. Employing staff in the U.S. is expected to go over well with the local community and politicians because of resentment in the U.S. about companies moving jobs to India and other countries, analysts said. Political considerations are evidently a factor for Indian outsourcers to expand in the U.S., said Siddharth Pai, a partner at outsourcing consultancy firm Technology Partners International (TPI) in Houston. U.S. Senators Bernie Sanders, an Independent from Vermont, and Chuck Grassley, an Iowa Republican, last week introduced legislation, called the Employ America Act that would prohibit firms that lay off 50 or more workers from hiring guest workers.

U.S. companies do not also want to be seen sending jobs abroad, he added. Certain types of work even in BPO, such as development of technology platforms for services delivery, and analytical work, require proximity to customers, he added. But there are also strong business considerations that require Indian companies to set up operations in the U.S., according to Pai. Indian outsourcers have to start looking like global players, Pai said. Japanese car makers, for example, manufacture all over the world, because some customers would like to buy locally produced goods, he added.

Scammers are increasingly using machine-generated Twitter accounts to post messages about trendy topics, and tempt users into clicking on a link that leads to servers hosting fake Windows antivirus software, security researchers said Monday. The accounts, which use variable account and user names, supposedly represent U.S. Twitter users. The latest Twitter attacks originated with malicious accounts cranked out by software, said experts at both F-Secure and Sophos. In some cases, the background wallpaper is customized for each account, yet another tactic to make the unwary think that a real person is responsible for the content.

Some of the tweets exploit Twitter's current "Trending Topics," the constantly-changing top 10 list of popular tweet keywords that the micro-blogging service posts on its home page. Tweets from those accounts are also automatically generated, said Sean Sullivan, a security advisor with the North American labs of Helsinki-based F-Secure. Others are repeats of real tweets. The defense, however, has regularly been subverted by hacker-built software, or by humans who contract to decipher the characters manually. "There's nothing cookie-cutter about these accounts," noted Sullivan, who added that scareware scammers aren't afraid to spend money to make money. All the tweets include links to sites that try to dupe users into downloading and installing bogus security software, often called "scareware" because they fool users with sham infection warnings, then provide endless pop-ups until people pay $40 to $50 to buy the useless program. "As fast as Twitter can shut down the accounts, [the scammers] create new accounts," said Sullivan. "Somehow they're getting around the CAPTCHA, but how they're doing it, whether with a bot or by CAPTCHA farms, we don't know." CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is the technology that uses distorted, scrambled characters to block automated registration of accounts. There's a lot of the latter to be had.

Because the scareware tweets use a URL shortening service - as do most tweets to crowd as much as possible into Twitter's 140-character limit - it's impossible for users to tell exactly where the link will take them. Last year, botnet researcher Joe Stewart of SecureWorks said there was evidence some hackers were making as much as $5 million a year shilling scareware. "A lot of these scareware campaigns don't last 24 hours," said Beth Jones, a threat researcher at U.K.-based Sophos. "By the time a [distribution] site is blocked, they've already moved on to something else." The servers hosting the phony security software behind the Twitter attacks are located in Toronto, said Jones, who said Sophos had been monitoring those systems since June. Jones suggested that users access Twitter with a third-party application, such as TweetDeck, which offers a URL previewer to show the actual destination. Unfortunately, the scammers are using the Metamark shortening service ; TweetDeck doesn't support previews for Metamark. "Scammers are using Twitter because it's a new conduit for spreading their scareware," said Jones. "They go where the money is, which means where people are, and people are on Twitter." By late Monday, Twitter had deleted the machine-generated accounts spreading scareware that Sophos and F-Secure had revealed, but some tweets with the same malicious URL were still available on the service.

A Document Organizer and browser-based proofing tool highlight the changes in Workgroups 2010. MetaCommunications announced the updated version of its productivity management software suite for marketing, creating design, packaging, and prepress workgroups on Wednesday. The browser-based document proofer includes markup tools for annotating PDF documents and image files. The Document Organizer lets users drag-and-drop digital media-including files, e-mails, scanned documents, and attachments-into Workgroups 2010. The system will automatically copy or move that media to the correct location on the file server.

In conjunction with the new version of Workgroups, MetaCommunications launched a community Web site called Developer Center, aimed at letting Workgroups developers, administrators, and users interact with each other and share forms, solutions, and code snippets. The $99 USB barcode scanner and attendant software collects information on media such as books and movies. The desktop version of Workgroups runs on Snow Leopard in addition to the Tiger and Leopard versions of Mac OS X. Complete multi-user suite bundles start at $4,995 with individual modules starting at $1,695; MetaCommunications has more detailed information about pricing on its Web site.-Philip Michaels IntelliScanner adds $99 organizational tool to lineup IntelliScanner announced on Wednesday added a sub-$100 product to its lineup of scanner-based organizational tools with the release of IntelliScanner Classic. The scanner reads the retail barcode and automatically identifies the items, importing data about them from online databases. The $99 product requires Mac OS X 10.4 or later and a USB port.

The included media organization software lets you organize your media, create bookmarks, keep track of lending, and generate insurance reports. A special $79 price is available to qualified teachers and students.-Dan Moren Carbon Copy Cloner works with Snow Leopard's HFS+ Carbon Copy Cloner 3.3, the latest version of Bombich Software's disk cloning utility, was released on Wednesday, adding Snow Leopard-specific improvements as well as a variety of other enhancements and bug fixes. In addition, the software improves the performance of backing up large numbers of files with extended attributes, properly excludes filesystem indexes such as those created by Spotlight, and fixes a number of bugs, such as now excluding the Time Machine database when backing up a hard drive. The new version works with Snow Leopard's HFS+ filesystem compression and also now reports disk size using base 10 values for MB and GB, reflecting Snow Leopard's change. Carbon Copy Cloner 3.3 is a free download, but a donation is request.

TeamViewer Mac 4.1.6717 includes full instant messaging capabilities with anyone in a user's partner list. The software requires Mac OS X 10.4 or higher, including Mac OS X Snow Leopard.-DM TeamViewer adds instant messaging for Mac users TeamViewer has updated its remote access and support application, adding instant messaging functions for Mac users. In addition, the updated version of TeamViewer allows a Custom QuickSupport module to be created for Mac OS X users. The application is free for non-commercial, personal use, with other pricing options available for business, premium, and corporate users.-PM TeamViewer provides remote access over the Internet.

Red Hat Tuesday made good on its promise to deliver a stand-alone hypervisor and a set of management tools as its gears up  to go toe-to-toe with VMware and Microsoft to become a top-tier provider of virtualization and cloud computing infrastructure. Both were first introduced at the Red Hat Summit in August. http://www.networkworld.com/slideshows/2008/081108-apps-for-bridging-win... ">12 great apps for bridging Windows, Linux and MacsRed Hat Enterprise Virtualization Hypervisor supports both Linux and Windows virtual servers and desktops. Red Hat made generally available its Red Hat Enterprise Virtualization for Servers, which includes both a stand-alone hypervisor and a management platform. The hypervisor is based on Red Hat Enterprise 5.4 kernel with KVM, which was released earlier this year. "It inherits all the enterprise features of RHEL 5," says Navin Thadani, senior director of the virtualization business at Red Hat.

Red Hat Enterprise Virtualization Hypervisor can scale up to 96 cores with 1TB of RAM at the host level, and up 16 virtual CPUs and 64GB of RAM at the guest level. He also said performance is on par with bare metal deployments. In addition, it supports live migration, power management features, multi-part I/O and memory page sharing. It is a centralized server virtualization management system that features high-availability tools, live migration, load balancing, and image management for Linux and Windows machines. The Red Hat Enterprise Virtualization Manager for Servers is the second component of the suite. It also has set of centralized monitoring tools.

Those tools are the product of last year's $107 million acquisition of Qumranet. Red Hat also says that it is in beta with the desktop version of Red Hat Enterprise Virtualization Manager, which will offer a full VDI environment and support for SPICE remote rendering technology. Red Hat said in September that the APIs from those tools will be merged into Libvirt, the current virtualization API used by Red Hat, around the time RHEL 6 is releasedRed Hat officials said the tools will be on par with VMware's base management platform, and that partners will be called on to add capabilities to the base platform. Follow John on Twitter: twitter.com/johnfontana In addition, the tools also will be positioned for managing public clouds, creating a link between internal networks and hosted platforms.

Symantec Corp. today released a new version of Norton Online Backup that supports both Windows and Mac operating systems on up to five computers, linked together through the same central account. Backed-up files also can be retrieved from any Web connection, including up to 90 days of file revisions. Norton Online Backup version 2.0 now allows users to transfer files between any of their computers and with other users.

With Norton Online Backup's Web browser, users can select and share any of the files they have backed up by generating download links that can be e-mailed to any address. Norton Online Backup retails for $49.99 per year, which includes 25GB of online storage to back up files from up to five computers. Users who've purchased new computers, for example, will be able to use the file transfer feature to populate their machines from current systems. Additional storage space can be purchased incrementally at any time. "Now consumers can turn to Norton to back up their priceless photos and music collections," Rowan Trollope, senior vice president of consumer products and marketing at Symantec, said in a statement. "With the combination of our brand, worldwide reach, and these latest technical improvements, we intend to bring online backup to consumers in a major way." An advanced search feature also allows users to search for backed-up files by name, date, size or type of file. Also, the file purge and storage management features allow users to remove previously backed-up files in sequential order to clear up available storage space.

File backup stores the most current file, even if it's open, which can be handy for e-mail files. Other features include improvements to file migration, automatic initial setup, user settings and a more intuitive redesign of the user interface, Symantec said. Version 2.0 supports cross-platform functionality for Windows XP, Vista, Window 7 and Mac OS X, including Mac OS X 10.6 (Snow Leopard). The upgraded version is available through retail stores and through Symantec's online store . The new version of Norton Online Backup will be updated automatically for current subscribers within the coming weeks.