For those who never thought text messaging could boost an endpoint solution strategy, think again. Lenovo on Nov. 25 announced a text messaging service that freezes lost or stolen Lenovo notebooks.
The "kill command" SMS (Short Message Service) technology, called Constant Secure Remote Disable, will be available on certain ThinkPad notebooks equipped with mobile broadband starting in the first half of 2009.
Lenovo uses WAN technology to connect up to 10 cell phones with a ThinkPad. When a user sends the kill command via a text message (the service only works over wireless networks that support SMS standards), the computer shuts down. The user then receives a confirmation text message validating the deactivation of the notebook.
Joe Seaman, president of SMB Security Consulting, says the feature adds a user-friendly extra layer of security for security-minded small and midsize business owners. "There were a couple of our clients that were looking for encryption type capabilities, especially for mobile users," Seaman said. "Initially they were looking at full hard drive encryption, but being able to 'phone home' and having it built within the OS would be a much cleaner solution."
The technology was developed over a seven- to eight-month period, said Stacy Cannady, product manager for security at Lenovo. "How do we reach out and touch a PC and deliver a command it's going to process?" he asked. "When you start thinking about the available options, you narrow it down to cellular systems."
Cannady admitted that remote disabling is not a perfect solution. For one, users outside of a cell network won't be able to send the message. Also, a thief riding the rails of New York's subway system, far below the reach of mobile networks, would theoretically be able to acquire unencrypted data. Cannady pointed out, however, that the SMS message, once sent, will wait until the WAN card is once again able to receive messages.
"Here is another tool that can be evaluated for meeting compliance in terms of preservation of confidentiality around sensitive data," Cannady said. He recommended consulting with compliance officers to determine whether this would be a satisfactory addition to the security arsenal.
Cannady also said the ability to unlock the PC once it's been shut down was a critical feature of the technology. "I can't afford to lose a motherboard every time one of my users makes a mistake," he said. "So if there's no way to get it back I can't use it."
For the SMB owner, Seaman said he thinks having multiple security measures is important, particularly for companies that have a large mobile work force. Although budgets are tight, he said many SMBs aren't adverse to spending more up front in the name of quality protection. "At least from my clients, they've moved beyond price comparison, because they've all been burnt by that philosophy. It goes further down into the purchase process," he said. "Without this, there's a much higher risk as far as the potential for intentional or unintentional data leakage goes."
While data security poses a very real threat to small business owners, Cannady pointed out that there are also emotional benefits to using Lenovo's kill command. "In a human way, there's some satisfaction in being able to reach out and destroy your private information after the thief has stolen it," he said. "It's fun."