NEC has announced a new laptop that has no hard disk drive, perhaps with the intention of preventing any loss of confidentiality if a powered-off system is lost or stolen:
Local storage resides in the computer’s RAM, which is cleared when the machine is switched off, thus removing any potential security risk from data theft but also requiring a backup before the computer is switched off. This can be done with a central server or, should a network not be available, to a USB memory device, [a spokesman for the Tokyo company] says.
It’s a piece of mind for many, I’m sure, but most attacks still happen when the computer is still switched on and connected to a network. Just a few more thoughts:
1) This could be a glimse of the future when online security becomes so strong that remote attacks become truly remote, meaning the physical security of traditional PCs with massive local storage (80GB and more) may be the weak link of tomorrow.
2) Saving files to USB doesn’t seem like it provides any real consolation unless the USB device is encrypted or has some other controls (pill-format that can be easily swallowed?) to prevent loss. Not to mention USB fobs tend to be volatile and have the annoying habit of wiping themselves without warning, so I wouldn’t exactly rely on them without some kind of extra assurance.
3) This is likely to be transformed into something a little more practical such as an Internet cafe system, or public kiosk. Restart the system and you know it is clean. That type of environment would easily justify the extra expense. I don’t see the cost being justified in a personal laptop sense (yet) for the prior two reasons.
4) Personally, I would love to have an instant-on thin client interface at home, which would rely on a centralized redundant array of inexpensive disks. Nothing in the market is really there yet for the home user. Yet, the NEC system suggests we could be nearing an age when a true thin-client and server-like solution could be in every home (“honey, I think we need to upgrade the datacenter”). And then we could talk about home security in a similar manner to large corporations (layers and defense-in-depth) instead of a random smattering of desktops littered around a household trying in vain to share files and migrate profiles without excessive self-exposure.
Have to give NEC some credit for pushing the envelope on security. The last thing I saw from them was a massively-redundant 4U server that promised better than five nines (less than 5 minutes of down-time per year). See? You put that thing in your basement with HVAC conditioning and a few of these laptops around the house…as soon as the price comes down to earth I’m on it.
Cool company.