Lenovo Offering Remote Management for Encrypted Hard Drives
Lenovo is encouraging the end of passwords taped to PCs, with its Hardware Password Manager, a server solution that enables IT to remotely manage a fleet of fully encrypted hard drives. The Lenovo solution is for ThinkPad and ThinkCentre products, but supports all brands of hard drives with full disk encryption.Lenovo is looking to take the guesswork out of hard disk drive encryption by offering a new remote management application that ensures corporate data is protected when laptops leave the office.
"You'd think it would be easy to do," said Stacy Cannady, product security manager at Lenovo, explaining the PC maker's new Hardware Password Manager, a server-based solution for remotely managing hard drive passwords, even on fully encrypted drives. "But we've been working on it for four years. A lot of innovations were necessary in order to make it possible."
Each PC has four passwords built into the hardware, Cannady explained to eWEEK, two on the motherboard and two on the disk drive; in each case, one password is for the administrator and one is for the user.
"These passwords were invented 20 years ago by IBM," Cannady said, as a way of providing security and discouraging internal theft. When all the passwords are set, a hard drive won't spin, rendering the machine more or less useless to a thief uninterested in the expense of replacing the hard drive and motherboard.
Password protection and encryption become essential in cases of contractual security obligations, such as in the defense industry.
"The government requires certain BIOS settings," said Cannady. "If you talk to large enterprises, the IT people all know the passwords, but they have to be at the keyboard to set the device manually. If you have thousands of machines, deployed around the world, it's a problem."
Cannady said FDE (full-disk encryption) hard drives aren't being bought in numbers because, while effective at securing data, management of the hard drive password is difficult. If the hard drive password is lost, the hard drive won't spin or decrypt the data, barring access to data.
On the other hand, "If no authentication is required, it will unencrypt immediately and offer you everything," explained Cannady.
The Hardware Password Manager offers a way of centrally managing the four passwords, so IT can reach out and touch any of the thousands of PCs in a company's environment, as long as they're online-a capability likely to encourage the adoption of FDE hard drives.
Research from PGP states that in 2008 the average cost per incidence of a security breach involving sensitive personal information was $6.65 million, or more than $200 per compromised record.
Gartner research additionally shows that even simple calls to help desks for password resets can cost up to $18 per call-and that 30 percent of help desk calls are password related.
With Hardware Password Manager, an employee has the option of logging into the company's intranet using his or her intranet credentials and then re-enrolling a new password-the real passwords are only known to administrators. Additional options include logging into an emergency account created by the IT administrator, or entering the real hardware password-both of which would need to be provided by IT.
Capabilities for interacting with Hardware Password Manager are included in the newer ThinkPad and ThinkCentre PCs with Intel's dual-core Centrino 2 chip set, and will be included in ThinkPad and M-series desktops going forward.
Pricing, which is relative to the numbers of PCs supported, begins at $70 for one PC, and the solution will be available May 7.
Clearly, security is a priority for Lenovo, which on Dec. 1 introduced the first laptops with Intel Anti-Theft PC Protection technology, and on Nov. 24 announced it was offering users the ability to use an SMS text message to disable a notebook that had been stolen or lost.