Not that we needed another reason to love Starbucks here at Virtual Computer, but they are quickly emerging as a poster child for why a better management and security approach is needed for laptop PCs—something we are a bit passionate about here.  After a lot of Internet buzz, leaked internal memos, etc. over the last couple of days, Starbucks has confirmed that a laptop containing personal data on nearly 100,000 employees has been stolen.  Not only that, but they are the first high profile “repeat offender” I have seen in a while.  They actually lost four laptops in late 2006 that also contained sensitive employee data.

The Seattle Post-Intelligencer has more information on what is another unfortunate example of stolen data and hardware leading to expense and, frankly, embarrassment that could have been avoided.

Our recent post on laptop theft statistics goes into detail on not only how many laptops are stolen and how often (one every 53 seconds – think about that) but also how we are designing NxTop to help companies avoid this problem in the future.

A government laptop containing personal information was stolen in North Carolina. The laptop contained personal information of people receiving services from the North Carolina Division of Aging and  Adult Services. Here’s the story.

While the data on the laptop was password protected, there is no guarantee that the personal information stored on the computer can’t be accessed. Now, there’s hassle and expense all around:

• North Carolina must contact all of the potentially affected people
• These people are asked to place a fraud alert on their credit report and to regularly monitor their credit report
• Additional people were notified to be alert (presumably, contact information was on this laptop but not social security numbers)
• The end user needs a new laptop and hopes their data is backed up (not just the consumer data but anything they’ve had on the laptop)

As you can see, this is a real problem for many people and, rightfully, there is real concern. In a situation like this, you hope it’s just the hardware that will be used by the laptop thief and not the data on it.

This scenario is one we are solving with NxTop. We realize that laptops will be stolen and that dealing with the follow-up in any situation is a pain. In most cases, it is the data on the stolen laptop that causes problems and not the hardware itself.

The solution we’ve come up with combines use of disk encryption and data leakage protection with the ability to remotely “kill” the PC from NxTop Center with a few mouse clicks.  Plus, all of the user’s data, applications, and settings are seamlessly backed up on the central server.  Simply register a new PC with NxTop Center—even a completely different laptop from a different vendor—and within minutes the user is restored to their personalized environment.  I don’t mean a base Windows image with collection of files from a backup server.  This is their desktop environment, right down to the settings and the wallpaper picture of their cat.

For more information, see this post: How Do You Deal With A Stolen Laptop? and this web page: Laptop Management and Mobile User Management

Stolen laptops are a real problem. Whichever statistics you choose to believe, the numbers are staggering and growing every year. Granted, this is no great surprise since laptop use is growing every year (side note: I haven’t seen anything but it would be interesting to compare the growth of laptop use with the growth of laptop theft).

With today’s solutions, a stolen laptop causes many problems and headaches:

• Confidential data may be lost
• User isn’t able to work until new hardware can be provisioned
• In a best case scenario, there is a recent backup of user data that can be restored to a new machine
• Employee wastes time re-customizing machine to their liking
• IT needs to build the laptop…best case, this involves an updated image
• Employee hunts down license keys for user-specific programs, wasting more time
• Depending on data on laptop, may need to communicate loss to customers which can be costly and embarrassing

What if there were a better way? What if you could simply “turn off” the laptop remotely?

This isn’t a problem with NxTop.

NxTop’s architecture separates the four main components that make up a PC: the hardware, operating systems, data and applications. This presents a very unique way of dealing with laptop theft: since all four components are separate, you can simply stop a piece of hardware (a stolen laptop) from accessing the other four components. Without that access, the stolen laptop is no longer a real problem.

As for the user, simply get them a new piece of hardware and provision a new NxTop to them. A few mouse clicks is all it takes to get them up and running on a new laptop, complete with their previous configuration (including any customization they’ve made), all of their user data and applications, and virtually no loss of productivity – and less of a headache for the IT administrator.

Sure, you still lose the hardware (assuming it isn’t recovered or found) but that’s much less of a loss than it could be otherwise.

Want to try NxTop for yourself? We’re still perfecting it but take a moment to register and we’ll let you know as soon as NxTop is available for download.

Earlier this week, we showed a demo of NxTop to a group of IT administrators that we’ve been working closely with during development. We’re working with them as part of our customer focused development to ensure that NxTop is what IT administrators want, would use and would see cost and time saving benefits from. While we’ve worked with them for a few months now, this is the first time they’ve had a chance to see NxTop in action.

All of the feedback we’ve received has been very positive but there was still a bit of anxiety in showing NxTop for the first time and the anticipation of feedback. Our demo runs about 40 minutes and covers the creation, patching, updating and provisioning of a NxTop to an end-user, showing how activity on the management server can affect change on the client side in real-time (look…here’s a new operating system! now it’s gone! there it is again! now there’s a new application on the desktop!). We also took a bit of time to show how to set policies, customize a NxTop master image for a specific user, clone a NxTop and take some Q&A.

The demo was a great success for us and the feedback we received at the end was wonderful. It’s great to hear the validation that NxTop is something end users really need, are looking forward to using and that it will solve problems seen in current PC management solutions.

Of course this wasn’t the first time we showed a demo of NxTop. We were running non-stop demos at VMworld in September, some of which was captured on video:

- First Public Video of NxTop

- SearchServerVirtualization (under the ‘VMworld 2008: Exhibitors’ tab)

If you want to attend a live webinar to see the NxTop demo, let us know via our website. As soon as we have some dates lined up later this year, we’ll let you know when and how to sign up.

As all of us who use PCs know, sometimes things just go south. Each PC user develops their own set of rituals to attempt to recover.  When all else fails, we sound the alarm to the IT team. In some cases, they show up with a silver bullet. In other cases, we end up with a fresh install of Windows and spend the next two weeks trying to get our data and settings back to the way we knew and loved them.

NxTop makes those days obsolete. Blue screen of death? No problem. IT can still establish network connectivity to the PC and restore a fresh Windows environment, complete with your data and settings as of the last time you were connected to a network.  Lost or damaged PC. Not to worry. IT pulls another machine off the shelf and within minutes you are back to you – not back to square one.

Even IT teams that are sophisticated enough to have central Windows image management struggle with image bloat. They start off with one master corporate image for Windows XP. Over time, they create one-off images of the same operating system to account for department-specific application needs and hardware compatibility requirements such as special drivers. Before long, they wake up one day and find that their “master” copy of Windows XP is really 50 master copies of Windows XP.

With NxTop, IT teams can install applications that are common to all users directly into the base image but employ application virtualization to deal with user or group specific applications. Also, because Windows is talking to NxTop’s virtualization layer instead of the physical PC hardware, managing driver and other hardware compatibility issues becomes orders of magnitude easier.

Today, most people are protecting Windows from within Windows – or, perhaps I should say, trying to protect Windows from within Windows.  The very first thing that most malware does is disable all of the security protections within Windows.

NxTop allows security functions to be performed outside of Windows.  It also has an innovative feature that allow Windows to “self clean” on a reboot.  Those pesky rootkits and keystroke loggers that are so good at hiding themselves within Windows are automatically shed.

IT folks and end-users don’t agree on much, but they both share a common dislike of agents in Windows.  They are everywhere these days:

• Need to distribute software?  Install an agent.
• Patching?  Here’s an agent.
• Backup?  Agent.
• Security?  Used to be an agent—now it’s a six-pack of agents.

The purpose of Windows is to run productivity applications.  You deserve its undivided attention.  By moving management and security functions into a virtualization layer outside of Windows, NxTop creates an agentless PC management model that allows Windows to focus on what it was intended for.

In today’s corporate environments, PCs often start with a master image of the Windows operating system, but as soon as an individual begins using their PC the image takes on a life of its own. If you have 10,000 PCs, you have 10,000 variants of Windows.  Microsoft “patch Tuesdays” have become a dreaded pastime for many desktop administrators. Even though many utilize central patching tools, they never really know for sure what is going to happen when a patch hits a PC. In most cases, everything goes fine. However, in those cases when it goes badly, it goes very badly.

The IT pros we have spoken with have told us that a failed patch is often a desk side visit. This is painful proposition when it is a frustrated end-user down the hall. It’s a “career limiting” proposition when the user is the CEO in a hotel room in Beijing. NxTop takes the pain and risk out of patching in a couple of different ways:

• Instead of applying a patch to 10,000 divergent copies of Windows, the IT person applies the patch to a single Windows virtual machine that is not in use by an end-user. They test it. They publish it. That’s it.
• The next time the end-user reboots their PC, they boot into a patched image. They never saw or felt the patch. They still have all of their unique data and settings. In the unlikely event that there are complications with a system update (say, in a Beijing hotel room), the PC boots into the last known good configuration.

We are unique from many startups in that the problems we are trying to solve are not new.  The challenges and pitfalls of maintaining and securing PCs are well documented, and there are many existing companies attempting to tackle different aspects of the problem.

The advantage we have as a new entrant is that we are in no way limited by “the way things have always been done.”  Since we have no stake in the status quo, we bring an entirely fresh perspective, as well as an architectural approach that was not technically feasible prior to recent advances in virtualization software and hardware technology.

Over the next couple of days, I’ll post some thoughts on how age old PC management challenges can be tackled in a completely different way using NxTop, our PC management platform.

These thoughts are around the top five PC management challenges we’ve been hearing about:

1. Complex patch management
2. Too many agents
3. Flawed security model
4. Image bloat
5. Tough to recover from problems

(Note: This post has been updated with links to all five PC management challenges.)