Not that we needed another reason to love Starbucks here at Virtual Computer, but they are quickly emerging as a poster child for why a better management and security approach is needed for laptop PCs—something we are a bit passionate about here.  After a lot of Internet buzz, leaked internal memos, etc. over the last couple of days, Starbucks has confirmed that a laptop containing personal data on nearly 100,000 employees has been stolen.  Not only that, but they are the first high profile “repeat offender” I have seen in a while.  They actually lost four laptops in late 2006 that also contained sensitive employee data.

The Seattle Post-Intelligencer has more information on what is another unfortunate example of stolen data and hardware leading to expense and, frankly, embarrassment that could have been avoided.

Our recent post on laptop theft statistics goes into detail on not only how many laptops are stolen and how often (one every 53 seconds – think about that) but also how we are designing NxTop to help companies avoid this problem in the future.

Since announcing NxTop in September, we’ve been saying that our solution will change the face of PC management.  While there are a number of solutions for managing desktops, NxTop is unique in its ability to apply desktop virtualization to both stationary desktop PCs and laptop PCs to dramatically improve their manageability, reliability, and security.

We continue to talk with the press and IT community about NxTop, the technology behind NxTop and our mission to use the latest in virtualization technology (a type 1, bare metal client hypervisor) to make PC lifecycle management easier than ever, including for the laptop PCs that present so many headaches to IT professionals today.

One of our more recent discussions was with Enterprise Management Quarterly. Virtual Computer CEO Dan McCall provided his perspective on the challenges faced by IT staffs in managing laptops, how managing laptops differs from managing traditional desktops, security implications, the limitation of agents and more.

Here are a few quick excerpts:

IT Managers have begun to find that the same virtualization technologies that have revolutionized the way IT data centers are managed can improve the manageability, reliability and security of desktop operating system environments.  Right now, most desktop management is done using software agents within the operating system.  This approach has reached its limit in terms of both functionality and usability.

When time comes for an IT Manager to apply a patch to the desktop operating system, they need only apply the patch to the master virtual machine running on NxTop Center.  Once the patch is applied, NxTop Center seamlessly publishes the blocks of data that have changed to all NxTop Engines subscribed to that virtual machine.

Our most significant technology innovation is our patent pending approach for isolating the four main components of the PC: hardware, operating system, applications and user data.  Allowing each of these components to be managed independently is what enables us to give IT Managers scalable one-to-many desktop management without taking the “personal” out of personal computers the way that other desktop virtualization products have.

Read the full article at Enterprise Management Quarterly and if you have any questions on NxTop, Dan’s article or Virtual Computer, let us know in the comments below or on our forums.

Rick Faulk, who we announced yesterday has joined our Board of Directors, sent us a pointer to a very interesting article in the November issue of Fast Company magazine.  It included some data points that I found a bit staggering:

• A laptop is stolen every 53 seconds.
• More than 12,000 laptops disappear each week from U.S. airports alone.
• Only 3% of laptops are ever returned.

The article went on to describe some of the technologies out there for tracking and recovering stolen laptops as they come up on a network somewhere “in the wild.”  This is innovate technology, and it seems like it is getting some very positive results.  However, in my view, it is only a partial solution.  With NxTop, we provide a similar ability to remotely “kill” a laptop and wipe away its data.  This throws up some pretty big obstacles to the run of the mill thief.  However, a criminal can counteract this through a variety of methods ranging in sophistication from simply not connecting the laptop to a network to pulling the hard drive out and accessing the data through other means.

For most companies, the monetary loss of the laptop itself is nearly meaningless.  The two bigger concerns are security of sensitive data and lost productivity of employees due to missing data and time spent without a functioning PC.  So, in addition to remote kill, we have layered additional measures such as:

• Trusted boot to protect against tampering with our virtualization layer.
• Encryption by default for all data on the laptop.
• Policy-based controls governing how often the laptop needs to “phone home.”  (For example, if the laptop does not check in at least every X days, it becomes inaccessible.)
• Transparent backup of user data to the central server.
• Hardware abstraction that presents a common set of “virtual hardware” to Windows regardless of the underlying PC hardware.

None of these things is a silver bullet by itself.  However, if a NxTop-enabled laptop is ever lost or stolen, the company has assurance that they have multiple measures working in concert to make it a non-event.  For example, even if someone was going to take a run at cracking encryption, the ticking clock of the “phone home” policy dramatically shortens the window they have to do so.  Additionally, the combination of hardware abstraction and user data backup allows IT to just pull a new PC off the shelf (even using an HP to replace a Lenovo or vice versa) and restore to a complete user-customized PC in minutes.

A government laptop containing personal information was stolen in North Carolina. The laptop contained personal information of people receiving services from the North Carolina Division of Aging and  Adult Services. Here’s the story.

While the data on the laptop was password protected, there is no guarantee that the personal information stored on the computer can’t be accessed. Now, there’s hassle and expense all around:

• North Carolina must contact all of the potentially affected people
• These people are asked to place a fraud alert on their credit report and to regularly monitor their credit report
• Additional people were notified to be alert (presumably, contact information was on this laptop but not social security numbers)
• The end user needs a new laptop and hopes their data is backed up (not just the consumer data but anything they’ve had on the laptop)

As you can see, this is a real problem for many people and, rightfully, there is real concern. In a situation like this, you hope it’s just the hardware that will be used by the laptop thief and not the data on it.

This scenario is one we are solving with NxTop. We realize that laptops will be stolen and that dealing with the follow-up in any situation is a pain. In most cases, it is the data on the stolen laptop that causes problems and not the hardware itself.

The solution we’ve come up with combines use of disk encryption and data leakage protection with the ability to remotely “kill” the PC from NxTop Center with a few mouse clicks.  Plus, all of the user’s data, applications, and settings are seamlessly backed up on the central server.  Simply register a new PC with NxTop Center—even a completely different laptop from a different vendor—and within minutes the user is restored to their personalized environment.  I don’t mean a base Windows image with collection of files from a backup server.  This is their desktop environment, right down to the settings and the wallpaper picture of their cat.

For more information, see this post: How Do You Deal With A Stolen Laptop? and this web page: Laptop Management and Mobile User Management

Today, most people are protecting Windows from within Windows – or, perhaps I should say, trying to protect Windows from within Windows.  The very first thing that most malware does is disable all of the security protections within Windows.

NxTop allows security functions to be performed outside of Windows.  It also has an innovative feature that allow Windows to “self clean” on a reboot.  Those pesky rootkits and keystroke loggers that are so good at hiding themselves within Windows are automatically shed.

IT folks and end-users don’t agree on much, but they both share a common dislike of agents in Windows.  They are everywhere these days:

• Need to distribute software?  Install an agent.
• Patching?  Here’s an agent.
• Backup?  Agent.
• Security?  Used to be an agent—now it’s a six-pack of agents.

The purpose of Windows is to run productivity applications.  You deserve its undivided attention.  By moving management and security functions into a virtualization layer outside of Windows, NxTop creates an agentless PC management model that allows Windows to focus on what it was intended for.

We are unique from many startups in that the problems we are trying to solve are not new.  The challenges and pitfalls of maintaining and securing PCs are well documented, and there are many existing companies attempting to tackle different aspects of the problem.

The advantage we have as a new entrant is that we are in no way limited by “the way things have always been done.”  Since we have no stake in the status quo, we bring an entirely fresh perspective, as well as an architectural approach that was not technically feasible prior to recent advances in virtualization software and hardware technology.

Over the next couple of days, I’ll post some thoughts on how age old PC management challenges can be tackled in a completely different way using NxTop, our PC management platform.

These thoughts are around the top five PC management challenges we’ve been hearing about:

1. Complex patch management
2. Too many agents
3. Flawed security model
4. Image bloat
5. Tough to recover from problems

(Note: This post has been updated with links to all five PC management challenges.)

The Daily Incite says it best: “No one cares about encryption” – not exactly, people care (and The Daily Incite does mention this). They care a lot. Encryption is a must have. It’s just that people don’t care about the details behind the encryption.

Encryption has evolved from a product to a feature and should be included in a wide variety of products. It’s not something that should be sold separately, or something that should be purchased from a third-party, or something that is optional. It’s important and it should be expected that vendors will work out the details and by the time the product makes it to you, it must work and be seamless. Except in very few instances, people don’t want to select encryption, they don’t want to know what the encryption is, they just want it included. It’s a must have but not a decision factor.

Mobile computing exacerbates the need for encryption. How often do you hear about stolen or lost laptops? What about data leakage? Encryption is a must for mobile devices – it’s not an add-on.

NxTop is built with integrated and full disk encryption to ensure total protection of your data, which is very important for managing laptops and other PCs. Our engineers (and myself) spent a lot of time to determine the right encryption for NxTop (secure, transparent, easy to manage, doesn’t add a lot of bulk, etc.) so that when you test and deploy NxTop (and you will :-), you can be sure encryption is in place without any worries.

Mass High Tech broke the news on our upcoming company launch in their cover story: Stealthy virtualization startup makes laptops more secure, manageable.

The entire article is an excellent read and lets you know a little about what we’re doing:

The [Virtual Computer] software would be designed to isolate a laptop’s four major components — hardware, operating system, applications and user data — and create versions on the laptop of those components that operate remotely, without a network connection.

There’s more to it and those that know what we’re up to are excited. Chris Wolf, of the Burton Group, says “They’re going to redefine how organizations can deploy virtualization to a mobile workforce.” That’s exactly what we aim to do…make it easy to manage all of those laptops that your organization has and will have, in a secure environment.

As you can no doubt tell, all of us here at Virtual Computer are passionate and excited about what we’re doing. Check back next week for more details.

Earlier this week, I noted HP’s increase in laptop sales (sure to be followed up by similar increases at other vendors) and it got me thinking about how difficult in can be to manage all of those mobile desktops. Besides the basics of desktop management (patches, updates and so on), there are all of the usual security issues and brand new ones (theft is a bigger issue when laptops are “out in the world” and it’s more likely that some form of malware will be installed when someone is using their work laptop to surf the web at home). One has to be careful and diligent about laptop management, even moreso than “regular” desktop management.

Don’t get me wrong: laptops offer many benefits over traditional desktops and the decreased cost of laptops is allowing more and more people to see these benefits — and as an end-user, I love the flexibility my laptop offers me.

Are you responsible for laptop management? What are your concerns? Leave a comment and let me know.