Device loss happens more than most people think. The media tends to focus on the occasional theft or misplacement of the devices of public sector employees because these laptops and smartphones contain especially sensitive (confidential or personally identifiable) information. Private sector workers lose their devices just as often, however. Employees from 604 American and European companies somehow lost over 150,000 laptops in a single year, according to a 2010 survey. Over one-third of all people have lost a mobile device in public. Device loss accounts for between 18–35% of all data breaches. The Cloud Security Alliance ranked it the #1 mobile security threat.
For small-and-medium-sized businesses, the loss of the device in itself would be enough to put a dent in their bottom line. However, the costs of responding to a data breach actually account for 80% of the losses associated with a stolen or misplaced device. A lost laptop costs businesses on average of $49,246.
A NASA worker’s laptop containing the personally identifiable information of at least 10,000 agency employees and contractors was stolen from a locked car last month. NASA has begun aggressively installing data encryption software on all of its laptops as a result. It now requires all agency-issued laptops containing sensitive data to be fully encrypted before they can be taken off-site. Adding to the costs and distractions of implementing its encryption program, NASA will also have to pay for free identity theft and credit monitoring services for all the employees and contractors affected by the data breach.
Forty-eight laptops were stolen from NASA between 2009 and 2011, including one that contained command and control codes for the International Space Station. Complaints about the performance-reducing effects of encryption software slowed the agency’s prior data protection efforts.
Not only do all these examples and statistics demonstrate the devastating impact of device-loss-related data loss, they also show the ineffectiveness of traditional security measures in preventing it. For instance, NASA’s attempts to secure its laptops resulted in encryption software that curtailed productivity and a “no encryption, no travel” policy that wastefully distributed mobile devices to stationary employees. The device loss statistics also discourage any attempts at some kind of “loss-awareness” program to motivate or teach employees to keep a closer eye on company-issued laptops and smartphones. Incompetence alone cannot explain the high number of mobile devices lost or stolen every year; momentary absentmindedness probably has a role in it, too. Until businesses come up with a solution for human imperfection, they will have to accept device loss as a natural byproduct of laptop and smartphone deployments.
However, with IronOrbit, businesses never have to accept data loss as a consequence of a mobile workforce. IronOrbit, an all-in-one cloud-based IT infrastructure, retains its data at off-site data centers. Authorized users can access this data, but can be restricted from transferring their files and applications to the hard drive of their device. In this way, IronOrbit prevents lost or stolen devices from causing a data breach.