Glad these sorts of things are coming to light more and more. I could tell you stories about an ex-CEO of mine´s laptop+15 going walkabout.

Asset management isn´t just about the hardware but the data also.

One ingenious way to try and curb the hardware issue is full on RFID asset tagging. If you have the ability in your building you can at least see where the devices were on your campus last by scanning physical chokepoints. Surveillence acts as a deterent here. Too hard to police. There should always be independent confirmation available, and perhaps building access logs, though these are rarely outbound at the last hurdle. They should know who had the device assigned to them last too, but so many do not use their enterprise directories for Add´s, Moves and Changes as it relates to ´tools of the trade´, e.g. assets. Too big too hard, resouces anyone?

The next challenge is in enumerating and costing of the potential data on the devices, hence, in my opinion, corporate indexing ( think Google Desktop or OSX´s Spotlight ) of machines and corporate key-loggers should be mandatory in the battle for ´Total Information Awareness´, feasible forensics and data accounting.

The other aspect is that of having machines report home before they are wiped, which should include things like IP address ( allowing the ASN to be enumerated etc last known address as such ) and a record of local flows e.g. IPFIX/netflow. Argus on all devices!

A lot I know, but this is where we are heading towards once the full value of data is realised in the evolving information lifecycle.

I feel myself slowly returning to the challenges at hand over time. As you can see I am still following your blog with great interest.

No one said it would be easy They just didn´t tell me that before the fact *grin*

D.