"Encrypting drives offer state of the art protection for PC data, but companies everywhere previously had difficulty managing them," said Peter Schrady, vice president and general manager, Enterprise, Software and Peripherals, Lenovo. "Lenovo's new Hardware Password Manager product provides an easy tool to reset passwords by remote control, including full-encryption drives. This is the world's only solution to centrally manage all available brands of fully encrypting drives. The fact that it can also utilize our fingerprint reader to access encrypted drives makes it even better."
The High Price of Compromised Data
Theft of sensitive information from personal and enterprise computer systems is one of the fastest growing crimes in America. More than 250 million records containing sensitive personal information have been involved in security breaches in the U.S. since January 2005.1 When this happens, companies often incur costs for incident response handling, legal fees, corrective actions, loss of reputation and loss of customers. In fact, the average total cost per incident in 2008 was $6.65 million, more than $200 per compromised record.2 More than 40 states require businesses to notify customers if sensitive data is compromised, however, some allow exemptions for encrypted data.
Providing Manageability and Strong Security
While FDE technology offers companies higher levels of security over traditional hard drives since every piece of data on the hard drive is encrypted, managing these drives has proved challenging until now. Lenovo designed the Hardware Password Manager to give businesses the ability to easily set up, deploy and remotely manage and reset employee hard drive passwords. It also allows employees flexibility to set their own passwords to protect their privacy. Lenovo’s ThinkPad X301, X200, X200s, X200 Tablet, T500, T400, R500, R400, W700, W700ds and ThinkCentre M58/M58p desktop support the technology.
Because most companies do not manage employees’ hard drive passwords, previously the drive would have to be sent to a third party for costly recovery if an employee forgot or lost a password for their PC’s hard drive. If the drive happened to be encrypted, the data would be unrecoverable. For the small number of companies that do manage employees’ passwords, password resets would most likely require on-site support, adding time and expense for the organization.
Gartner found that help-desk related calls, including password resets, can cost companies up to $18 per call, which can add up quickly across a large organization. It also found that 30 percent of the total call load for multipurpose help desk calls are password related and that password management can help reduce that volume by 70 percent.3
Simple Password Set Up and Retrieval
With Hardware Password Manager, IT administrators can create an administrative user ID and hardware password within a “vault” in the PC’s BIOS. The administrator can then deploy the PC or remotely send the installation package to an employee’s PC in the field. When the employee turns the PC on, he or she will choose a unique user ID and password to access the PC’s hard drive. Similarly, when the employee enters his or her user ID and password, it will also unlock the fully encrypted hard drive. This ID and password could be the employee’s Windows Domain user ID and password.
In the event the employee forgets his or her password, there are several options for retrieving it. The employee can simply:
Log onto the company’s Intranet through a wired connection with his or her Intranet credentials and re-enroll a new password
Be given access by the IT administrator to an emergency account already created in a BIOS “vault” in the PC (just for this purpose)
Bypass the prompt for the Hardware Password Manager and enter the real hardware passwords (provided by the IT). Then the Help Desk can deregister the old “vault” remotely to allow the user to re-enroll a new ID and password
Additionally, Hardware Password Manager allows for central management of the BIOS Supervisor password, helping control the configuration of BIOS settings on a deployment of PCs. In some industries, regulation and contract requirements mandate certain BIOS configurations, and without central management of the Supervisor password, meeting that requirement can be costly and labor intensive.
"The costs of data security breaches are real and continue to rise each year," said Brendan Collins, vice president, Product Marketing, Hitachi Global Storage Technologies. "Hitachi has been a strong supporter of industry efforts to enhance data security standards and has now been shipping encrypted hard disk drives for four product generations. The Hitachi Travelstar 5K500.B has the potential to extend the reach of data encryption technology and provide additional safeguards for notebook users who travel the world with confidential information. When used together with Lenovo's Hardware Password Manager, IT managers have the building blocks they need to help meet higher levels of security compliance."
“LANDesk has worked with Lenovo to offer a variety of management capabilities for Lenovo’s ThinkVantage Technologies and is now extending them to include Hardware Password Manager,” said Steve Daly, general manager, Avocent LANDesk Division. “This allows IT administrators to remotely deploy and reset lost or forgotten passwords, adding a new level of control for companies who need the latest hardware security and control over their PCs.”
Availability4
Lenovo Hardware Password Manager will be available worldwide starting in early May through Lenovo sales.
1http://www.privacyrights.org/...
2PGP Corporation/Ponemon Institute. U.S. Cost of a Data Breach Study, February, 2009
3Gartner: Market Overview for Password Management. Kreizman, Greg and Carpenter, Perry. June 2, 2008.
4All offers subject to availability. Lenovo reserves the right to alter product offerings and specifications at any time without notice