WinMagic has teamed up with Lenovo to provide full-disk encryption management. Mobile users who carry sensitive data on laptop hard drives will benefit from the protection afforded by SecureDoc while IT managers gain the upper hand in managing security for "data at rest."
When sensitive data must
travel with employees on a Lenovo laptop, the new SecureDoc for Lenovo
full-disk encryption-management tool for self-encrypting hard drives helps
ensure data security without placing an undue management burden on central IT.
WinMagic teamed up with
Lenovo to provide SecureDoc for Lenovo, which also offers managed software
encryption for PCs equipped with traditional non-encrypting drives, thus
offering a migration bridge for organizations making the transition to tighter
Remember, though, carrying
data so sensitive that it would warrant significant user and IT-management
efforts should be evaluated against other methods-including cloud storage-in
terms of cost, actual effectiveness and suitability for business users.
If the decision is made to
send regulated or highly sensitive data on the road, the SecureDoc for Lenovo
combo showed itself to be a tightly controlled, user-friendly package of
hardware and software. In addition to hard-disk encryption, SecureDoc can also
encrypt data on removable media, including a USB drive, CD or DVD. Before being
given a chance to log on to Windows, SecureDoc forced me to perform "pre-boot"
authentication to gain access to my system.
I tested SecureDoc for
Lenovo on a T410 ThinkPad system equipped with a Seagate Momentus Thin 250GB,
self-encrypting hard drive. The laptop came with Windows 7 Professional with
SecureDoc for Lenovo preinstalled. The first thing I noticed was that the
password shipped with the system was PASSWORD, all uppercase. When I used the caps
lock, the log-on failed. If I held down the shift key and typed in the
password, it worked. With this type of pre-boot environment software, I wasn't
surprised by this behavior, but it is worth considering when configuring secure
systems that are jostling for priority before the OS loads.
I loaded the Kaspersky tool
to see how antivirus tools-which are well-known for conflicting with other
products that modify the boot process-affected SecureDoc for Lenovo. I was able
to use SecureDoc alongside Kaspersky Antivirus 2011 without problems. Both
products started correctly and did not interfere with each other at boot time.
During my tests, I was able
to use two-factor authentication, including the built-in fingerprint reader on
the Lenovo T410. Using the fingerprint reader was a transparent user process,
which means that the fingerprint request appeared as part of the SecureDoc log-on
process, not as a distinct step.
While SecureDoc for Lenovo
can be implemented with minimal impact on users' productivity, the product does
have a sophisticated and wide-ranging set of configuration options. The
administrative console covers drive encryption, key management and boot control,
and provides optional tools for controlling USB ports, external media
encryption, audit logging and extensive control over the user interface.
SecureDoc in Action
I used SecureDoc for two weeks
at eWEEK Labs as a general-purpose notebook and as a client system in a VMware
View (VDI virtual desktop infrastructure) test. The only time I noticed the
tool was at boot-up time. In all other cases, the SecureDoc for the Lenovo
management interface was out of sight. I noticed no impact on performance when
running remote-desktop sessions in the VDI tests nor when processing normal
Setting up the finer aspects
of SecureDoc for Lenovo was relatively simple. While the user interface is easy
to navigate, only expert security administrators should make decisions about
how to implement SecureDoc for Lenovo features so that data is protected in
accordance with the organizations' needs, and users are not unduly burdened as
they go about their work.
While the Seagate Momentus
drive and SecureDoc for Lenovo are oriented toward full-disk encryption, it is
possible to limit encryption to files and folders using the product. I was able
to selectively encrypt "data at rest" on my test system to reduce
For compliance and reporting,
it is possible to use SecureDoc to monitor disk access. For example, I was able
to lock the USB drives that were attached to my test system. Locking limits the
user's ability to encrypt or decrypt data on the USB drive, thus ensuring that
even data copied onto a USB stick could be audited to ensure that it wasn't
being taken to an unsecured location.
I was also able to monitor
drives in my system so that I was notified when an access attempt was made. The
system also enabled me to log basic disk-write activity, including tracking who
made the change as well as the file and sector that was modified. SecureDoc for
Lenovo can also be used to block writing to the USB drive and other drives as
defined in the policy.