Phoenix Firmware Security Taking Flight
Spending the bulk of my days in vendor land, I try to avoid vendor-related coverage for the most part to avoid any conflicts of interest, and, you know, because I spent so many years writing up so many dang vendor pitches.
However, I do think it is worth noting in these parts when a new(ish) technology provider makes a splash with some form of truly innovative security technology.
Phoenix Technologies is a neat company that has actually been around for a very long time in the world of BIOS management and other embedded chip firmware, but one that has also begun targeting security applications over the last several years an effort to expand its business.
And after a few years of stops and starts in trying to evangelize its vision for fostering greater levels of device security via controls integrated directly on the chip level, the company appears to finally be gaining momentum in the security space.
On Tuesday, the company announced easily its biggest news to date around adoption of its FailSafe technology, which entails set of features which promise to serve as an onboard theft-deterrence and DLP technology that provides the ability to protect, track and manage lost or stolen mobile computing devices and the data on those machines.
The company unveiled the news that it has signed definitive agreements with both Lenovo and Samsung Electronics to provide FailSafe in the two companies' notebook computers going forward, its first such deals in the space.
Previously the company's biggest deals, also signed within the last year, revolved around use of its technology in Fujitsu, Seagate and Sandisk storage drives. Phoenix has also partnered with Intel on some integrated chip security projects.
However, getting picked up by mainstream hardware vendors such as Lenovo and Samsung means that Phoenix' products will now reach a lot more customers, allowing it to reach a critical mass in terms of getting the tools into people's hands and seeing if they are actively being used by a lot of people to find and protect their lost devices.
One a base level, it does seem to make a lot of sense to build theft retrieval and data leakage prevention on the chip level to whatever extent that you can. Along with providing a hard-wired level of contacting and defending lost machines when someone connects them to the Internet, one would have to think it would be a real trick for criminals to disable the features with their highly embedded status.
Using FailSafe, Phoenix claims that PC owners will be able to remotely retrieve, encrypt and erase any content stored on their devices, and even remotely disable the device if necessary.
Having the technology built directly into the hardware platform also gives companies the chance to say that they have some form of DLP in place, without being forced to invest in more complex, expensive software and gateway-based systems.
"Mobile PC users with Phoenix FailSafe protection will have the most secure mobile computing experience characterized by encryption, data recovery, remote asset management, location tracking and device locking. Over the past few months, we have worked with processor, memory, disk and telecom partners to ensure that the Phoenix FailSafe platform is the most comprehensive offering available in the market today," said Woody Hobbs, the company's CEO and president.
It will probably take at least six months until we see any computers carrying FailSafe hit the market, but it does look like this is an idea that going to get its chance in the sun.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.