WinMagic Partners With Intel On Full-Disk Security

WinMagic has announced an agreement with Intel to support Intel Anti-Theft Technology (Intel AT).  When combined with WinMagic's SecureDoc full-disk encryption, Intel AT will provide customers with fully-integrated, tamper-resistant data protection and laptop theft deterrence.

WinMagic's integrated security offering leverages the robust hardware-based capabilities of Intel AT chip to enable stronger data protection.  WinMagic's SecureDoc integrates with the local and remote theft detection mechanisms provided by Intel AT during pre-boot and normal operation to ensure that data cannot be accessed by an unauthorized user. If an Intel AT enabled laptop is lost or stolen it can be disabled remotely through the action of an IT manager at a corporate console in a central location. If recovered, the laptop's functionality can be restored, reducing the economic impact  of the temporary computer loss to the organization.

Gary McCracken, vice president of technology partnerships at WinMagic, says that the foundation for the latest version of SecureDoc has been laid over time. It has its roots, he says, in the client/server architecture of WinMagic's legacy products, where the server pushes a profile clients that can control a variety of factors such as password strength, biometric authentication, and how the company want ports on the client platforms to be controlled. The configuration information is wrapped with an executable package which is installed on the clients. McCracken says, "The first thing installer does when it runs is check for a self-encrypting drive (for more about full disk encryption, see Full Disk Encryption Evolves) and then the software decides whether to manage the drive or encrypt in software. After the installation, the credentials required to recover data are sent back to the central administration server." The information shared between client and server allows for the very precise management of the data from a central console.

Intel AT, according to McCracken, is a technology that has a number of capabilities apart from full-disk encryption. There's a hardware timer and memory for secure storage. McCracken says, "The Intel AT software can disable hardware from a central console. If it doesn't rendezvous with the central server within a time window, it triggers a poison pill that shuts down the CPU."

Anand Pashupathy, Director of initiatives and services, strategic planning, at Intel says that Intel was driven by several factors in developing the Intel AT functions. "We found there were two sets of technologies being provided to customers. One was encryption and the other was theft detection. We wanted to make the solution even more tamper resistant than what was originally available. In large enterprises we found we could harden the solution and make it more tamper-resistant by hiding the keys in the AT chipset. Now, if someone took the hard drive out and put it in another machine they couldn't get at the data because the key is in hardware in the original machine. Should the laptop be stolen or lost, the poison pill can be sent and the laptop shutdown. In the lag time the data is protected through the full-disk encryption."High-profile cases of data loss due to laptop theft or mishandling have raised the consciousness of theft deterrence and data encryption in many IT executives minds. Building the capabilities for the functions into the basic laptop chip set is really the only way to accomplish two key factors in success; gaining enough "critical mass" to make it reasonable for software developers to write code enabling the features, and lowering the cost of the solution to a point that encourages companies and individual users to take advantage of the security products. It's good to see Intel and WinMagic bringing a solution to market: it will be even better when AMD and additional software vendors enter the fray and make encryption and theft deterrence more nearly universal features of portable devices.

Pushapathy says that Intel AT functionality will be part of the Caltella platform starting in early 2010. While no specific branding for the feature set is planned, Pushapathy points out that VPro is the business brand of Intel, and the anti-theft and encryption will be part of that feature set beginning next year.