Making the Case for Terminal Services

What would happen to your company if a laptop containing sensitive employee information was stolen from an employee’s car? How about financial records and documents? Boeing is now facing exactly this dilemma as the third laptop in 13 months was stolen from an employee vehicle. Records on the stolen notebook computer contained information on some 382,000 of Boeing’s current employees and retirees. Included in the information were names, home addresses, phone numbers, Social Security numbers, and dates of birth. This represents a significant breach in security and a potential for identity theft that can only be expressed in terms of magnitude.

The saving graces in this situation would appear to be that no evidence has surfaced that the sensitive information has been compromised, and the laptop was powered off at the time of theft. To access the data the thief would first have to power on the laptop then log in to the computer by providing a user name and password. Even so, Boeing is taking no chances and is currently in the process of contacting the individuals affected by the theft. By way of apology and compensation the company has offered those affected two years of credit monitoring on Boeing’s dime.

This is the third such theft at Boeing since the fall of last year, despite internal policies requiring employees to work off of the server behind the firewall. Policies that were personally enforced by management at Boeing. Managers manually verified that no one was storing sensitive information on notebooks that would be used in the field.

So how does this happen? The short answer is it only takes one person storing information locally as a convenience to cause a crippling breach in a company’s domain.

So how are such losses prevented? There are a number of ways to avoid this kind of exposure.

• Use an electronic password key such as RSA. This kind of enterprise level encryption will ensure that a thief can’t access stolen information simply be entering a user’s password. The password in this case is determined via RSA. Tough, but not invulnerable.
• Format notebook hard drives at the end of every working day. Labor intensive, costly, and impractical if the notebook is stolen before it can be re-imaged. However, it does eliminate the risk of employees storing information locally on a notebook long-term.
• Provide all employees with USB memory keys. Practical in the sense that no information is stored locally on the notebook, but dangerous in the sense that USB keys are easily lost or stolen.

The above suggestions might work to one extent or another, but the best way to ensure that sensitive information doesn’t fall into the wrong hands on the theft of company property is for it to never be stored on the notebook in the first place. This can be done through a virtual desktop accessed through terminal services. Using terminal services an employee’s desktop is actually running off of a server located in a secure data center. At no time is an employee storing sensitive information on a notebook that is used in the field. The company can set permissions in terminal services allowing only certain users access to applications or data. Further, terminal services can be configured to prevent a user from saving an open document on a local hard drive. From the employee’s perspective, they can access their virtual desktop from anywhere with an Internet connection. Wherever they are, their desktop is always the same. If a laptop is ever stolen that system’s connection to the user’s desktop can be blocked, ensuring that no theft of data can take occur. The biggest limitation for terminal services is the dependency on an Internet connection.

The best way to ensure your data, and in this example the identities of your employees, is protected is to never let it leave your place of business. Terminal Services allows you to do just that.

---

For more information about terminal services visit the links below.
Wikipedia’s article
Microsoft’s Remote Desktop
ZEROi from SADA Systems

powered by performancing firefox