There is no public information about these companies using Wave's software. My point is that it is good news that they are embracing TPMS and it will be great news if they use ERAS across their corp networks.
John
Public confirmation Boeing and BAE using ERAS, broad-scale....WOW!
John
Doma, exactly. Those companies collectively represent 400,000 seats. It would be nice to see large Wave deals with each of them.
John
JKIRK,
all of this is really on the cusp of gaining major traction. There are over 400,000 seat possibilities just with the companies that Berger mentioned in one of his articles that are taking advantage of TPMs. A couple of additional large reference accounts and we're off to the races.
John
Wave to Present Advanced Applications of Trusted Computing at Department of Defense Information Assurance Symposium
Securing Endpoints for Mobile Devices the Focus of Second Wave Presentation
LEE, MA, Mar 04, 2011 (MARKETWIRE via COMTEX) -- Wave Systems Corp. (WAVX) (www.wave.com) announced today that President & CEO Steven Sprague and Chief Scientist Dr. Robert Thibadeau will speak on Thursday, March 10, providing two presentations for next week's DoD Information Assurance Symposium (IAS) in Nashville, TN. Mr. Sprague will present "Trusted Computing: Advanced Concepts and Uses in the Near Future" as part of a track dedicated to Trusted Computing. Dr. Thibadeau's session will address managing endpoint security for mobile devices.
Trusted Computing offers compelling security benefits for today's global enterprises that face serious cyber threats. The technology gives organizations a new paradigm for device authentication and trusted execution, along with faster and more secure encryption based in hardware. Mr. Sprague's presentation (2:00 to 3:00 at the Gaylord Opryland Hotel in Nashville, TN) will share a host of use-cases for the Trusted Platform Module (TPM), a cryptographic integrated circuit that comes standard on business-class PCs. Sprague will show how TPMs are providing additional security by safely storing keys and establishing device identity through the use of a private signing key stored within the TPM. With device identity (as opposed to only user identity), enterprises can ensure that only known PCs are permitted access to corporate networks and sensitive resources. The presentation will explore how the TPM can provide integrity management, health checks and can be used as a foundation for health measurements, which can be used for access control.
"We believe that companies can improve their security profile considerably by taking two simple steps: requiring all new PCs to have TPMs and then turning them on," Sprague said. "Securing all certificates with the TPM is a security enhancement that reduces the risk profile significantly."
Sprague's presentation will also cover advanced applications for self-encrypting drives (SEDs) that perform encryption directly in drive hardware as opposed to on a computer's processor and operating system. In addition to the security and performance benefits that SEDs offer over software encryption, Sprague will share the powerful benefits SEDs provide to virtualization deployments -- where multiple "virtual" machines run on a single physical platform made possible by a component called a hypervisor.
"We'll demonstrate some of the security and performance advantages of Opal self-encrypting drives and show how easy it is to centrally manage them," Sprague added. "We'll also show some lesser known capabilities of the drives, such as the ability to create individually secured and accessed multiple partitions, each with its own operating system. This introduces the user to the concept of 'more than one PC in my PC.' One day we may see a corporate managed image and a user managed image on one platform."
Following Sprague's presentation, Dr. Robert Thibadeau, the industry's foremost expert on self-encrypting drives, will present "Implementing and Managing Endpoint Security for Mobile Devices" from 3:30 to 4:30, focusing on the proliferation of security issues that have arisen with the expansion of the use of smartphones. As users bring sensitive information and transactions like electronic payment out of secure environments and onto cell phones, tablets, and untrustworthy networks, security must adapt and protect these new areas of vulnerability. Protecting the endpoint becomes more critical than ever.
"The challenge shifts when we move to mobile devices," commented Dr. Thibadeau. "To match this shift and maintain a trusted framework, we need to use our ingenuity and reinvent the ways we use technologies we already have, as well as explore new developments."
The symposium is hosted jointly by the National Security Agency (NSA), the Defense Information Systems Agency (DISA), and the United States Cyber Command (USCYBERCOM), as a forum to bring together the security industry's thought leaders to address the information assurance mission. IAS runs in conjunction with the Information Assurance Exposition (March 8 - 10, 2011), where Wave will exhibit (booth #630). Booth demonstrations will include: management of self-encrypting drives using Wave EMBASSY(R) software including support for Common Access Card (CAC); Wave for BitLocker Management; and TPM for device authentication. Advanced technology demos will show time-based access and data isolation
A new Wave white paper:
http://www.wave.com/collateral/03-000273_TPM-SED_whitepaper.pdf
John
Self-encrypting drive sales on the up, claims Seagate
But total sales still modest
http://news.techworld.com/security/3260967/self-encrypting-drive-sales-on-the-up-claims-seagate/?olo=rss
By John E Dunn | Techworld
Published: 14:43 GMT, 14 February 11
Disk maker Seagate claims it is finally making some headway in its attempts to get businesses to start buying its self-encrypting drive (SED) products, with a tripling in sales in the last two quarters.
The company is now quoting total sales figures of “more than 1 million,” which is not much of an advance on a similar figure offered informally in May last year, but Seagate can still point to numbers heading in an upward direction. Laptop shipments have, Seagate said, “doubled in each of the last three years.”
Factors helping SED shipments in laptops and enterprise sectors will have included that the critical Momentus drive range first launched as far back as 2006 is now being qualified by partners as compliant with the Trusted Computing Group’s Opal specification. This offers a standard way for software to manage the drives compared to the previous proprietary approach.
Partners include Dell, Lenovo and Panasonic in hardware, and Credant, McAfee, Mobile Armor, Secude, Softex, Symantec, Wave Systems and WinMagic in software; their products integrate with 24 separate Seagate SED products in the Savvio, Cheetah, Constellation and Momentus families.
As impressive as the growth sounds, the figures are still minuscule when set against the 150 million drives the company might ship in a single quarter, which is where the challenge lies. SEDs are still a long way from being a mainstream sector, even in business, despite attempts to push the technology since at least 2008.
Last September, Seagate announced that its Momentus SED had become the first drive in the laptop encryption drive market to get the important FIPS 140-2 certification that matters so much to public sector organisations.
X-point, I could not stand software encrypted drives -- with SED, I do not notice it...that is exactly how it should work. Beyond the user experience, the relative improvement in security and management make it an easy sales pitch. I have got to believe the pace of large-scale sales will increase in the near-term.
John
Hardware FDE/Software FDE,
although I have been a Wave investor for 10+ years, I have not had the benefit of first-hand experience in comparing and contrasting these different approaches until recently. SED drives with Wave's software have such a distinct advantage over software-based solutions, it is really tough to grasp how the software-only solutions are able to procure new customers. Other than contending with the mixed environment, the sales combo of Wave + SED should be a slam dunk.
I think the next 1 to 2 large contracts will go a long way in bringing the enthusiasm necessary to push us to levels we have not seen in a while. There is no excuse for businesses not to procure these drives or for anyone who possesses personal information on a computer.
John
Great news today!
This is definitely a great validation and from my perspective, is even better than a completely new customer. I think we will get some additional good news in the relatively near term.
John
may1sep2,
no legal relationship to Wavx.
Jaybeaux,
I think it has been addressed that Mazda was a separate transaction than the $5 mm auto account.
John
Awk,
that is quite a find. All of this talk has to soon lead to visible action and results. When the leaders in the tech space, the gov and gov contractors get behind a technology philosophy, it has to lead to greener pastures for companies in the middle of that space.
Snackman, you're right, it's just a matter of time. We all want something right now, but the reality is progress is taking root, just not at the pace that people would like. I think we will see some high profile wins in the near future that will bring cheer to the group.
John
Exer, that post has a familiar ring to it...way too funny or not. Hopefully, Wave can deliver a contract of meaning or a new OEM, because make believe world is really not interesting. I talked to a guy who talked to someone and they said things are about to get really interesting soon. From my understanding, this person worked near a certain facility in MA...wink, wink. Please note the sarcasm.
New Wave whitepaper?
http://www.wave.com/collateral/03-000273_TPM-SED_whitepaper.pdf
Network Security:
How to Defend an Infinitely Expanding Frontier
The increasing use of home offices and laptops has put an ever-expanding number of users, data, devices and applications beyond the security of the traditional enterprise network firewall. At the same time, organizations – and their IT administrators – are held to increasingly higher standards of accountability for breaches in data and network security. Unfortunately, the traditional tools for network security have not adapted well to the rapid decentralization of the enterprise network. Conventional security methodologies based on passwords and software fail to effectively authenticate users and machines on the network or secure data on lost or stolen laptops, or ensure compliance with laws that require disclosure of lost personal data.
This paper will outline perhaps the most powerful, cost-effective and simple solution for bringing the scattered end-points of today’s mobile networks back under the umbrella of a strong centralized network security architecture. It is built on three widely available, proven – but poorly understood – technologies: Trusted Platform Modules, Self-Encrypting Hard Drives and centralized (or remote) security management. This paper will not only help readers distinguish myth from fact about these technologies but will also build a strong case for how their combined application can re-establish network security as an enforceable corporate policy, rather than a strategy.
[1] Gartner, “Pay for Mobile Data Encryption Up Front, or Pay More Later,” 2009.
The Emerging Information Security Landscape
Few IT managers would argue that the task of information security has undergone a radical and irreversible expansion in the last decade. In addition to the conventional role of managing security on centralized networks, today’s IT managers must also contend with an increasingly mobile work force that has moved more and more end-users, devices, computing applications and highly sensitive data beyond the safety of the enterprise firewall. In this new landscape, enforcing information security is comparable to defending an infinitely expanding frontier, and essentially protecting network elements “in the wild.”
As the exposures to risk have expanded, so has the price of failure. According to estimates by Gartner Research, the costs related to the loss of a single device or unauthorized access to a company’s computer network [1] may reach as high as $1.32 million – even if the breach does not lead to any further security issues such as the misuse of the lost data. Much of the expense is driven by “Notice of Breach” laws adopted so far by 46 states and the District of Columbia. Such laws require companies to publicly report security breaches unless the company can guarantee the data is safe and cannot be misused by unauthorized persons.
Complicating the issue is the reality that conventional security measures for authentication and encryption have not adapted well as enterprise network users have become more mobile and scattered. Traditionally, limiting network access only to legitimate users has relied on the use of passwords. While somewhat effective at authenticating users on a corporate terminal, however, passwords are easily forgotten by the user – especially if policy dictates passwords involve randomized and frequently updated sequences. More to the point, passwords can be easily compromised – providing minimal protection beyond the enterprise firewall.
As enterprise users and computers moved beyond the firewall, a number of authentication tools emerged, including digital certificates, biometrics, one-time password (OTP) tokens and smart cards. All these tools mark a definite improvement over passwords – especially tokens and smart cards, which provide a high level of trust for the road warrior class who rely heavily on laptops. But as use of laptops and work-at-home policies have expanded the number of telecommuters, so has the cost of acquiring, deploying and replacing tokens and smart cards, as well as their supporting software and hardware.
Traditional data protection measures haven’t kept pace with the new network environment either. Again, passwords such as BIOS, OS and ATA passwords provide minimal security against experienced hackers and offer no means of data encryption. A simple Google search of the phrase “unlock hard drive password” yields several options such as HDD Unlock and Password Crackers, which sell both standalone software products and services for less than $100.
Instead, the de facto standard for protecting laptop data has become software-based full disk encryption (FDE), which encrypts every bit of data that goes on a disk or disk volume, preventing unauthorized users from operating the machine.
More recently, Microsoft launched its own software FDE product, called BitLocker, which is offered “free of charge” with select Windows Vista and Windows 7 operating systems. Coupled with other security tools (that we’ll discuss presently), this signifies a compelling advance for securing mobile devices.
However, while software FDE delivers good protection, it remains quite vulnerable since encryption keys are accessible through “cold boot” and “evil maid” attacks. Plus, because software FDE relies on a laptop’s memory and processing resources, it often causes a marked degradation in overall system performance — extending boot times and slowing overall productivity. Lastly, software FDE literally takes hours to install and configure, further adding to the workload of an already overtaxed IT staff.
In short, the use of authentication passwords and software-based encryption attempts to apply conventional measures to risks and challenges that are rapidly evolving past their scope. In addition to the limitations already listed, software-based security cannot guarantee the safety of data in the wake of a lost laptop or other security breach. Thus, the security in place does not comply with reporting requirements mandated by notice of breach laws, therefore failing to protect the enterprise against costly legal action.
Put simply, a network that cannot guarantee the security of its end-points is not a secure network. Yet the basic tenets of information security still apply even as more data, devices, users and applications move beyond the firewall. In order to ensure the integrity of the enterprise network, IT managers still must:
1. Secure sensitive data, whether stored or transmitted
2. Ensure the identity of all devices and users accessing the network, and
3. Exercise centralized control over network security protocols, being able to prove compliance with security regulations
Most IT managers already know this. Although not commonly known, there are tools that can restore each of these tenets in the most mobile and fractured network, restoring them virtually overnight, with minimal cost. They include:
1. Trusted Platform Module (TPM) security chips to establish automatic and transparent authentication of authorized network devices and users,
2. Self-encrypting hard drives (SEDs) to ensure unbreakable protection of data “in the wild,” and
3. A software management platform that puts both encryption and device authentication at the fingertips of a centralized office, providing proof of compliance with data breach laws
Of these three tools, the first two are already well-established, cost-effective and either installed on most enterprise-class laptops today or readily available as an option. Further, they are activated in a few simple steps. Most importantly, applied together, this trio of tools can restore the basic tenets of security on today’s mobile network where it’s most vulnerable – at every end-point.
Trusted Platform Modules: Myths and Methods
The term Trusted Platform Module (TPM) is not well-known to many IT professionals. Defined simply, it is a security chip attached to a computer’s motherboard, thereby integrating security functionality directly into the device’s hardware. Because the TPM chip is physically part of the device, it is uniquely suited for creating and verifying strong device identities and ensuring only authorized access to networks. Indeed, the business case for TPM is fundamentally the same case for strong, fully automated and transparent authentication of both devices and users on the enterprise network.
Unfortunately, IT managers who have looked into TPMs have probably encountered widespread misconceptions about the technology. Without exception, these perceptions arise either from a fundamental misunderstanding of what TPMs are, how they’re meant to be applied or what the security needs of the modern enterprise network truly are.
One of the most common myths presents TPMs as a bleeding-edge technology. In reality, they’re probably already present in excess of 90% of an enterprise’s total PC population. Leading vendors, such as Dell, Lenovo and HP, have been including TPMs as a standard component on all their business-class notebook and desktop computer lines for many years. And TPM-equipped laptops now comprise the vast majority of units in use. By the end of 2010, the percentage will approach 100%.
Another misperception cast onto TPMs is that hardware security is overkill when compared to “good enough” software solutions. Despite these lingering assertions, other hardware-based solutions, such as RSA SecurID® tokens, have enjoyed explosive growth over the past decade and are now in use by some 25,000 businesses who rely on them on a day to day basis. The extra degree of security that hardware tokens add over software helped justify their adoption – mostly to secure remote user access.
Ironically, however, this success has also exposed the downside of tokens, namely that their total cost of ownership increases in proportion to the number of employees using them. While a viable solution when used by an organization’s small population of frequent flyers, tokens have become increasingly expensive to acquire, deploy and replace as enterprise laptop use has expanded. In addition, one-time password tokens are not natively supported by Windows, which imposes two separate pathways for users logging into the corporate network: Logging on via a virtual private network (VPN) requires users to have an OTP token, but, when users log on within the firewall (wired or wireless), they must provide a different credential, such as a password or smart card. In general, enterprises prefer to adopt a common user authentication experience to cut down on confusion, lost productivity and associated IT maintenance and help desk costs.
Can your current authentication solution do this?
1. Strongly authenticate both the device and its user
2. Provide 2-factor authentication without any incremental hardware acquisition, deployment or maintenance costs
3. Be fully activated and operational in a matter of minutes
4. Seamlessly integrate with your existing VPN and wireless infrastructure
5. Present a common user experience both outside and inside the firewall
Unlike OTP tokens, which only verify users, TPMs automatically authenticate devices trying to access the network. They are, in effect, built-in hardware tokens. Often pre-installed on a new laptop, they impose no incremental acquisition costs, and eliminate the “hard” deployment expenses that tokens incur. Thus, TPMs lower the total cost of ownership. More importantly, they are transparent to the end-user who then needn’t keep track of additional hardware. For IT staff, that translates as reduced costs and fewer help desk calls stemming from lost or forgotten tokens.
Further fallacies about TPMs stem from concerns over privacy, since they potentially provide a remote source with insight into how a laptop is being used. These concerns, however, confuse standards for consumer-level privacy with the more rigorous demands of protecting an enterprise network. Of necessity, corporations must place a higher priority on network integrity and compliance than on user privacy. Indeed, many corporations are required by law to ensure hackers cannot access the private client and customer information stored on their networks. That requires IT staff to be able to strictly manage PC usage and access, and mitigate and report data leakage.
In this context, the absence of TPM functionality on the enterprise network increases the threat to privacy. Most enterprise network end-users grasp this reality and readily accept security solutions built into their devices to ensure security policy compliance — from Web filtering, to policies about opening email attachments. Requiring an employee to access critical network resources using a company-authenticated machine with a TPM institutes an automated level of security that does not rely on the user’s habits.
As we debunk these myths, a picture evolves of what a TPM is not. But perhaps the biggest issue that TPMs struggle against is the general lack of understanding about what, exactly, they are, and what they enable in the modern enterprise network. By way of illustration, consider the design of mobile, cable and satellite networks – among the fastest growing and most secure networks today. All of them establish the identity of the end-point device as the primary basis for network security. More recently, the Apple® iPod, iPhone and iPad networks have also placed device identity as the key element for network access and delivery of services. In each of these cases, the network design principle is simple: Only “known” devices are allowed to access sensitive network resources. Another key design element is that the device identity is stored in, and protected by, hardware, not software. It therefore provides a permanent, protected identity for the device.
In similar fashion, TPMs are hardware specifically designed to report on the state of a PC to ensure both the security and privacy of the user, while also protecting the integrity of the network. Hence, authentication is generally the first and most intuitive application of the TPM with an enormous impact upon end-point security. The vast majority of today’s enterprises can activate TPMs already embedded in their current laptop fleet to strengthen security for VPNs and for wireless access. Also, as more users work remotely or access data and services online, TPMs can help ”lock down” access to data to ensure only known devices are downloading email, financial documents, intellectual property and other sensitive information. While just one use of the TPM, this application has tremendous impact upon securing the cyber infrastructure.
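The device-identity and health-measurement flow sketched above (and in the press release's mention of a private signing key stored in the TPM and health measurements used for access control), as an added example that is not from the white paper or from Wave Systems: a simulated TPM whose identity key never leaves it and whose Platform Configuration Registers are extended with boot measurements, and a network access server that admits only an enrolled device reporting the expected values. The TPM's asymmetric signing key is stood in for by an HMAC key, and the boot components, PCR layout and device IDs are constructed for the demonstration.

```python
# Added example (not from the white paper or Wave Systems): a simulated TPM
# with a non-exportable identity key and PCRs extended by boot measurements,
# and an access server that admits only enrolled devices in a known-good state.
# Simplification: the TPM's asymmetric signing key is stood in for by an
# HMAC key, so enrolment shares a secret rather than registering a public key.
import hashlib
import hmac
import json
import secrets

PCR_COUNT = 4


class SimulatedTpm:
    """Holds the device identity key and PCRs; the key never leaves the object."""

    def __init__(self):
        self._identity_key = secrets.token_bytes(32)  # created and kept inside
        self.pcrs = [bytes(32)] * PCR_COUNT           # every PCR starts at zero

    def enrol(self):
        # Stand-in for handing IT the device's public identity key at enrolment.
        return self._identity_key

    def extend(self, index, component):
        # TPM extend: PCR[i] = SHA-256(PCR[i] || SHA-256(component)); order matters.
        digest = hashlib.sha256(component).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def quote(self, nonce):
        # A quote binds the current PCR values to the server's nonce and signs
        # them with the identity key: proof of which device and of what state.
        payload = json.dumps({"nonce": nonce.hex(),
                              "pcrs": [p.hex() for p in self.pcrs]},
                             sort_keys=True).encode()
        return payload, hmac.new(self._identity_key, payload, hashlib.sha256).digest()


def expected_pcrs(boot_chain):
    """Replay a known-good boot over fresh registers to derive golden values."""
    reference = SimulatedTpm()  # only its PCR arithmetic is used
    for index, component in boot_chain:
        reference.extend(index, component)
    return [p.hex() for p in reference.pcrs]


class AccessServer:
    """Grants network access on device identity plus platform health."""

    def __init__(self, golden_pcrs):
        self.enrolled = {}  # device id -> identity key
        self.golden = golden_pcrs

    def enrol_device(self, device_id, identity_key):
        self.enrolled[device_id] = identity_key

    def challenge(self):
        return secrets.token_bytes(16)  # fresh nonce for every access attempt

    def admit(self, device_id, nonce, payload, tag):
        key = self.enrolled.get(device_id)
        if key is None:
            return "deny: unknown device"
        if not hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), tag):
            return "deny: bad signature"
        claims = json.loads(payload)
        if claims["nonce"] != nonce.hex():
            return "deny: replayed quote"
        if claims["pcrs"] != self.golden:
            return "deny: unexpected platform state"
        return "allow"


# Constructed boot chains: (PCR index, measured component)
KNOWN_GOOD_BOOT = [(0, b"firmware 1.2"), (1, b"bootloader 3.0"), (2, b"kernel 5.4")]
TAMPERED_BOOT = [(0, b"firmware 1.2"), (1, b"bootloader 3.0-patched"), (2, b"kernel 5.4")]


def boot(chain):
    tpm = SimulatedTpm()
    for index, component in chain:
        tpm.extend(index, component)
    return tpm


def run_scenarios():
    """Exercise the policy; returns the verdict for each constructed scenario."""
    server = AccessServer(expected_pcrs(KNOWN_GOOD_BOOT))
    good, tampered, stranger = boot(KNOWN_GOOD_BOOT), boot(TAMPERED_BOOT), boot(KNOWN_GOOD_BOOT)
    server.enrol_device("laptop-001", good.enrol())
    server.enrol_device("laptop-002", tampered.enrol())
    results = {}
    nonce = server.challenge()
    results["known_device_good_state"] = server.admit("laptop-001", nonce, *good.quote(nonce))
    nonce = server.challenge()
    results["known_device_tampered"] = server.admit("laptop-002", nonce, *tampered.quote(nonce))
    nonce = server.challenge()  # healthy machine that was never enrolled
    results["unknown_device"] = server.admit("laptop-999", nonce, *stranger.quote(nonce))
    # the same unenrolled machine claiming an enrolled device's id
    results["forged_identity"] = server.admit("laptop-001", nonce, *stranger.quote(nonce))
    payload, tag = good.quote(nonce)  # an old quote replayed against a new nonce
    results["replayed_quote"] = server.admit("laptop-001", server.challenge(), payload, tag)
    return results
```

Only the combination of an enrolled key, a fresh nonce and golden PCR values yields "allow"; a single changed boot component alters PCR 1 and is refused even though the device itself is known.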
[2] Ponemon Institute, Fourth Annual US Cost of Data Breach Study, 2009.
The TPM also holds great promise with the rise of Cloud Computing — an emerging application platform that truly begs multiple questions: Who has access to the service? What data is being accessed, copied and distributed? Can organizations use Cloud services and remain in compliance with data protection laws?
A TPM does not inhibit access to Web services and content through traditional security methods. It does, however, offer a hardware-based trusted connection where both the PC and the server can exchange information under the strictest confidence, verifying that the opposite party really is who they claim to be. The TPM is a hardware token — only enhanced and embedded into the motherboard of the PC.
Self-Encrypting Drives: Securing Data-at-Rest
Establishing strong device authentication to prevent unauthorized access to your network is only one layer of an information security strategy suitable for today’s landscape. The second is establishing impenetrable data security on the enterprise’s mobile devices. As stated earlier, data need only be potentially compromised to impose significant costs to the enterprise. According to a recent study from the Ponemon Institute [2], a security breach resulting from an errant laptop can cost the enterprise around $200 per record stored on that laptop. The study further observed that the average organizational cost of a data breach in 2008 was about $6.5 million, depending on the public profile of the breach and the regulations that apply. While the cost of a full disk encryption solution may vary, on average they cost around $100 per seat in volume.
As we established earlier, encryption software has not adapted well to the needs of today’s increasingly mobile network. By comparison, self-encrypting hard drives (SEDs) offer protection that is always on; the keys never leave the drive, while assuring compliance with data protection regulations.
How self-encrypting drives work is simple: Incorporating a closed and independent architecture, they include their own processor, memory and RAM, and impose very strict limits on the code that can run within their architecture. Encryption and decryption of data occurs in the drive controller itself, rather than relying on the PC’s host CPU.
Every SED reserves a small block of internal memory isolated from the rest of the drive. These “protected partitions” securely house encryption keys and user access credentials. Once the drive is unlocked, data will flow normally in and out of the drive. If you are an authorized user, you can access the data. If you are not, the drive will not grant access and the data cannot be obtained by any other means, such as traditional software-based attacks via malware and rootkits.
Can your current encryption solution do this?
1. Be fully activated and operational in a matter of minutes
2. Create an impervious shield against software attacks
3. Protect encryption keys in the drive’s controller chip
4. Remove IT overhead for key management
5. Operate without degrading drive performance
Since the encryption key is created onboard the drive during manufacture and never leaves the drive’s protected hardware boundary, it is impossible to steal and it is immune to traditional software attacks. No software – malicious or otherwise – can run on the machine until the drive is unlocked and the OS is booted.
The “baked in” encryption of data also provides logistical and cost of ownership benefits over software solutions. Because encryption keys never leave the hard drive, there is no need for IT staff to spend time or money managing keys, or building key escrow and backup programs.
Finally, SEDs do not draw on a machine’s memory or processing resources, thus avoiding the marked degradation that software solutions often impose on system performance. A study by Trusted Strategies LLC showed a commercially available SED performed as well as a standard drive and handled large-file operations nearly twice as fast as three drives equipped with active software-based encryption [3].
Like TPMs, SEDs are often regarded as an emerging technology that is not yet widely available. Again, however, the opposite is true. Leading hard-drive manufacturers including Hitachi, Samsung, Seagate and Toshiba all offer commercial SEDs. Further, these manufacturers are building SEDs that conform to the Trusted Computing Group’s Opal standard – the industry benchmark for interoperability and reliability. In addition, PC vendors like Dell and Hewlett-Packard offer SEDs as a basic storage option. And, on average, specifying an SED from Dell costs about tens of dollars more than a comparable non-encrypting drive. Other leading computer manufacturers like Lenovo and Panasonic also offer SEDs on select machines.
SEDs are also supremely easy to implement. In the study cited earlier by Trusted Strategies [4], software encryption tools took anywhere from 3½ to 24 hours to fully encrypt a hard drive. In contrast, a corporate IT department can phase SEDs in with the purchase of each new machine. Since the drive comes built-in and with encryption on, there is virtually no IT overhead or machine downtime required to turn on data protection.
SEDs are a natural complement to TPMs. Both technologies shift fundamental device security functions to a hardware environment. This not only extends the strongest security possible to the network’s end-points, it also lowers the cost of ownership for laptops equipped with hardware-based protection. Plus, SEDs and TPMs both help circumvent software’s intrinsic logistical, system performance and compliance issues.
[3] Trusted Strategies LLC, Hardware Versus Software Full Drive Encryption, 2010.
[4] Trusted Strategies LLC, Hardware Versus Software Full Drive Encryption, 2010.
Restoring Centralized Network Security: Remote Management
TPMs and SEDs help restore a high level of confidence to the end-points of the enterprise network. They ensure that data stored on mobile devices will remain secure even if the device is lost or stolen. And they guarantee that all devices and users trying to gain access are authorized to do so.
Another element of modern information security ties these two elements together and returns full management and accountability for all network end-points to a centralized corporate authority. More importantly, this third element is the one that restores the corporate enterprise’s ability to define its information security as an enforceable policy rather than a strategy.
The phrase “central management of end-point security” covers a lot of territory, and it doesn’t help to narrow the definition by explaining that the enabling technology takes the form of software and remote servers. Perhaps the best way to define what the term means is to describe the three key capabilities that any solution should provide: policy-based access controls, centralized administration and proof of compliance.
Despite all the challenges posed by an increasingly mobile and remote workforce, today’s corporate IT managers are still expected to centrally provision security policies to end-points across the enterprise, limit access to encrypted information to authorized individuals and remotely manage user credentials. Most importantly, they must demonstrate that their organization was, and is, compliant with regulations in the wake of a security breach. Establishing a data security policy isn’t enough; IT managers must be able to provide proof that their policy was implemented and enforced.
Not surprisingly, client application software has evolved in support of hardware-based security solutions. These solutions go beyond software FDE products that have been “modified” to support self-encrypting drives. Instead, they were designed from the ground up with only hardware security in mind. This means that there are no back doors and no security vulnerabilities that might have been introduced in “adapting” the code to support hardware.
Can your current security management platform do this?
• Centrally initialize the security features of an SED, lock it and assign users and policies in minutes
• Automate TPM activation, ownership and key management
• Prevent users from disabling encryption or changing SED security policies
• Report on SED security profiles for proving compliance
• Instantaneously disable TPMs – locking out “at risk” users and devices
Such applications, available from Wave Systems, are designed to support all the on-board security features of TPMs and encrypting drives. For example, Wave Systems is the only ISV whose software (EMBASSY®) verifies pre-boot user credentials in the “secure partitions” of self-encrypting drives, thus enforcing policy-based access controls whenever a mobile device is powered on. It also supports a secondary external (USB) self-encrypting drive. An additional feature is support for Windows® single sign-on, which minimizes the number of passwords that users need to remember (and the frequency of help desk calls). Integration with Windows password updates also allows the drive access policies to be updated automatically with the OS, ensuring compliance with company password policies.
Wave software also helps maximize TPM security features, such as the ability to move software-based digital certificates into the TPM environment, effectively converting them to hardware certificates. On a broader scale, this allows enterprises to set up hardware-based PKI environments. IT administrators can direct their enterprise VPN servers to authenticate only machines with hardware-based certificates, thus preventing users who cannot verify their credentials against their local hardware from logging onto the domain or network.
For enterprise-wide deployments of TPMs and/or SEDs, Wave’s EMBASSY Remote Administration Server (ERAS) provides robust policy management of users, credentials and access rights from one central location. Through native integration with existing directory structures and policy distribution mechanisms, assigning users and associated policies can be performed within the directory framework – dramatically simplifying deployment.
Today’s data protection regulations demand that organizations be able to prove that adequate protection measures were in place should a breach occur. Remote administration servers should therefore deliver security logs and robust reporting capabilities that support compliance verification.
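To make the proof-of-compliance requirement concrete, here is an added example (written for this page; it is not Wave’s software and does not use the ERAS schema) in Go. It evaluates a constructed end-point inventory against a policy that mirrors the checklist in the sidebar above: the SED must be locked with pre-boot authentication, local users must not be able to change drive policy, and the TPM must be enabled and enterprise-owned. It also applies the point the paragraph makes about breaches: a report is only evidence that protection was in place at the time of an incident if it is dated on or before the breach and is recent. All field names, host names and dates are constructed, and the seven-day evidence window is an assumed policy value.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Endpoint is the per-machine profile an administration server collects from
// its agent. Field names are constructed; they are not any product's schema.
type Endpoint struct {
	Host                string `json:"host"`
	SEDPresent          bool   `json:"sed_present"`
	SEDLocked           bool   `json:"sed_locked"`             // Opal locking enabled on the drive
	PreBootAuth         bool   `json:"preboot_auth"`           // user must authenticate before the OS loads
	UserCanChangePolicy bool   `json:"user_can_change_policy"` // local user may alter or disable locking
	TPMEnabled          bool   `json:"tpm_enabled"`
	TPMOwned            bool   `json:"tpm_owned"`   // ownership taken by the enterprise, not a user
	LastReport          string `json:"last_report"` // date the agent last reported, YYYY-MM-DD
}

// Finding records one policy violation on one host.
type Finding struct{ Host, Rule string }

// maxEvidenceAge is an assumed policy value: a report older than this at the
// time of a breach does not show that protection was in place.
const maxEvidenceAge = 7 * 24 * time.Hour

// Evaluate applies the end-point policy as of breachDate, in inventory order.
func Evaluate(eps []Endpoint, breachDate time.Time) []Finding {
	var out []Finding
	add := func(h, r string) { out = append(out, Finding{h, r}) }
	for _, e := range eps {
		if !e.SEDPresent {
			add(e.Host, "no self-encrypting drive")
		} else {
			if !e.SEDLocked {
				add(e.Host, "SED locking not enabled")
			}
			if !e.PreBootAuth {
				add(e.Host, "pre-boot authentication disabled")
			}
			if e.UserCanChangePolicy {
				add(e.Host, "local user can change SED policy")
			}
		}
		switch {
		case !e.TPMEnabled:
			add(e.Host, "TPM not enabled")
		case !e.TPMOwned:
			add(e.Host, "TPM ownership not taken by enterprise")
		}
		t, err := time.Parse("2006-01-02", e.LastReport)
		switch {
		case err != nil:
			add(e.Host, "last_report date unreadable")
		case t.After(breachDate):
			add(e.Host, "no evidence dated on or before the breach")
		case breachDate.Sub(t) > maxEvidenceAge:
			add(e.Host, "evidence older than 7 days at time of breach")
		}
	}
	return out
}

// Report is the summary handed to an auditor.
type Report struct {
	Total, Compliant int
	Findings         []Finding
}

// BuildReport parses inventory JSON and evaluates it as of breachDate.
func BuildReport(raw []byte, breachDate string) (Report, error) {
	var eps []Endpoint
	if err := json.Unmarshal(raw, &eps); err != nil {
		return Report{}, err
	}
	bd, err := time.Parse("2006-01-02", breachDate)
	if err != nil {
		return Report{}, err
	}
	findings := Evaluate(eps, bd)
	bad := map[string]bool{}
	for _, f := range findings {
		bad[f.Host] = true
	}
	return Report{Total: len(eps), Compliant: len(eps) - len(bad), Findings: findings}, nil
}

// SampleInventory is constructed data for four machines.
const SampleInventory = `[
{"host":"lt-0101","sed_present":true,"sed_locked":true,"preboot_auth":true,"user_can_change_policy":false,"tpm_enabled":true,"tpm_owned":true,"last_report":"2010-06-14"},
{"host":"lt-0102","sed_present":true,"sed_locked":false,"preboot_auth":false,"user_can_change_policy":true,"tpm_enabled":true,"tpm_owned":true,"last_report":"2010-06-14"},
{"host":"lt-0103","sed_present":false,"sed_locked":false,"preboot_auth":false,"user_can_change_policy":false,"tpm_enabled":true,"tpm_owned":false,"last_report":"2010-06-15"},
{"host":"lt-0104","sed_present":true,"sed_locked":true,"preboot_auth":true,"user_can_change_policy":false,"tpm_enabled":true,"tpm_owned":true,"last_report":"2010-05-20"}
]`

func main() {
	r, err := BuildReport([]byte(SampleInventory), "2010-06-15")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d of %d end-points provably compliant; findings: %v\n", r.Compliant, r.Total, r.Findings)
}
```

With the sample data and a breach dated 2010-06-15, only lt-0101 is provably compliant: lt-0102 has had its drive policy weakened locally, lt-0103 has no SED and an unowned TPM, and lt-0104 was compliant at its last check-in but that evidence is 26 days old, so it cannot be used to show the policy was enforced on the day of the breach.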
ERAS also provides support for all commercially available TPMs, including Intel® vPro. Instead of enabling TPMs machine by machine, such infrastructure tools let IT staff activate, take ownership of and manage TPM policy across the entire enterprise from a central location. Once TPMs are available on the network, an enterprise can use any standard certificate authority together with Wave’s EMBASSY software to create hardware-based digital certificates for its VPN, wireless or other PKI-enabled applications, providing strong protection of the private-key operations and the ability to assure device identity.
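The device-identity check described in this and the preceding paragraphs, as an added example that is not Wave’s code nor that of any CA product: a Go program (standard library only) in which an enterprise CA issues client certificates and a VPN gateway accepts only the ones the CA marked as hardware-backed, additionally requiring the device to sign a nonce the gateway just chose, so that a copied certificate without the corresponding private key proves nothing. Two assumptions are built in: a software ECDSA key stands in for the TPM-resident signing key, and the CA marks hardware-backed keys with a constructed, unregistered private-enterprise extension OID (1.3.6.1.4.1.99999.1.1); in a real deployment the CA’s enrollment process, not this program, decides when that mark is warranted. The host names are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// hwKeyExtOID is a constructed, unregistered OID. The demo CA adds this
// extension only to certificates whose key pair was generated inside a TPM.
var hwKeyExtOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 1}

func genKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // no entropy: nothing sensible to do in a demo
	}
	return k
}

// leafTemplate is a client-authentication certificate template for a device.
func leafTemplate(cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
}

// mustSign has the parent's key sign tmpl for pub (demo setup, so it panics).
func mustSign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// signNonce is the device side. In production the TPM computes this and the
// private key never leaves the chip.
func signNonce(devKey *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	d := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, devKey, d[:])
}

// verifyDevice is the gateway check: chain to the enterprise CA, hardware-key
// extension present, and a valid signature over the gateway's own nonce.
func verifyDevice(ca, cert *x509.Certificate, nonce, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return err
	}
	hw := false
	for _, e := range cert.Extensions {
		hw = hw || e.Id.Equal(hwKeyExtOID)
	}
	if !hw {
		return errors.New("key not marked hardware-backed: device refused")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	d := sha256.Sum256(nonce)
	if !ok || !ecdsa.VerifyASN1(pub, d[:], sig) {
		return errors.New("nonce signature invalid")
	}
	return nil
}

// Outcome records the three cases the gateway must distinguish.
type Outcome struct{ HardwareAccepted, SoftwareRejected, ReplayRejected bool }

// RunExchange issues one hardware-backed and one software-only certificate
// from the same CA, then runs the gateway check on both and on a replay.
func RunExchange() Outcome {
	caKey := genKey()
	caTmpl := leafTemplate("Example Enterprise CA")
	caTmpl.IsCA, caTmpl.BasicConstraintsValid = true, true
	caTmpl.KeyUsage, caTmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
	ca := mustSign(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	hwKey, swKey := genKey(), genKey() // hwKey stands in for a TPM-resident key
	hwTmpl := leafTemplate("laptop-0042")
	// DER NULL as the value: the extension's presence is the assertion.
	hwTmpl.ExtraExtensions = []pkix.Extension{{Id: hwKeyExtOID, Value: []byte{5, 0}}}
	hwCert := mustSign(hwTmpl, ca, &hwKey.PublicKey, caKey)
	swCert := mustSign(leafTemplate("laptop-0043"), ca, &swKey.PublicKey, caKey)
	nonce, stale := make([]byte, 32), make([]byte, 32) // gateway picks a fresh nonce per connection
	rand.Read(nonce)
	rand.Read(stale)
	hwSig, _ := signNonce(hwKey, nonce)
	swSig, _ := signNonce(swKey, nonce)
	return Outcome{
		HardwareAccepted: verifyDevice(ca, hwCert, nonce, hwSig) == nil,
		SoftwareRejected: verifyDevice(ca, swCert, nonce, swSig) != nil,
		ReplayRejected:   verifyDevice(ca, hwCert, stale, hwSig) != nil,
	}
}

func main() {
	fmt.Printf("%+v\n", RunExchange())
}
```

The three outcomes are the ones a gateway policy of “known devices only” has to get right: a certificate chained to the enterprise CA and marked hardware-backed is accepted, the same CA’s certificate for a software-only key is refused even though its chain is valid, and a signature captured from an earlier session fails against the new nonce. Mapping the hardware-backed mark to the TPM-held key is what makes the second case meaningful; a certificate whose private key can be copied off the machine does not establish device identity.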
Wave Systems Corp.
480 Pleasant Street, Lee, MA 01238
(877) 228-WAVE • fax (413) 243-0045
www.wave.com
Copyright © 2010 Wave Systems Corp. All rights reserved.
Wave “Juggler” and EMBASSY® logos are registered trademarks of Wave Systems Corp. All other brands are the property of their respective owners. Distributed by Wave Systems Corp. Specifications are subject to change without notice.
03-000273/ version1.02
Summary
As the enterprise workforce continues to expand beyond the corporate firewall, the fundamental goal of IT administrators remains the same: To protect the integrity of the network by ensuring the security of all data, users, devices and applications – from the network’s central servers all the way out to every scattered end-point. Most companies rely on a small arsenal of solutions to address this increasingly complicated landscape. Hardware-based security is not only the most powerful solution, it is also the simplest.
IT organizations that care about which PCs they allow on corporate networks have found that the first step is to leverage the TPM for machine authentication. We’ve seen organizations turn their TPMs on to strengthen security for VPNs and for wireless access. And, as more users work remotely, and access data and services online, it becomes even more critical to manage their access to ensure only known devices with known security profiles are downloading email, financial documents, intellectual property and other sensitive information.
Meanwhile, the need to secure data “in the wild” and prove compliance with notice-of-breach regulations has distinguished SEDs as the best-in-class option for data encryption. Designed from the ground up with their own secure environment, these self-contained devices offer the most secure and best-performing full disk encryption solution commercially available.
Finally, in today’s connected world, a complete data protection solution requires more than solid authentication and encryption. Policy-based access controls, centralized administration and proof of compliance are all “must haves.” Organizations need to be able to centrally provision security policies across the enterprise and limit access to information to authorized individuals only; perhaps most importantly, today’s IT administrators must be able to prove that security was in place in the event of a data breach. Wave’s EMBASSY software, expressly designed to support SEDs and TPMs, provides all of the above-mentioned capabilities and more.
Expatriate, quite the contrary -- there is quite the gap between the NBA and any other level of basketball. 50/60 deals is a pretty generic comment. What size of a deal are you using in your analysis?
ExPatriate,
You lost credibility with me on your 50-60 deals comment.
Also, I have been playing basketball for 35 years -- I was never close to making it to the NBA.
Helpful,
thanks for sharing.
helpful,
did you learn anything new or was it confirmation of what you already knew?
John
1260,
the bigger news with PWC IMO, is the fact that a large institution is broadly deploying TPMS for network authentication. PWC is just the beginning and a very large-scale validation pt.
John
Awk,
that is spectacular news. If you wanted or needed another confirmation pt, you just got it.
John
Wavxmaster,
a well articulated message. This is no longer a science project.
John
Some new Wave videos too:
http://www.youtube.com/WaveSystems
Dory,
I think there is a lot at work here in addition to the investors who are gauging progress based on day to day share price movements. Investors have the right to expect returns -- obviously that's the pt. of investing. That being said, I do not think share price always tells the tale and many fortunes are made by ignoring the herd.
From my perspective the share price will do what it will do for now, but I personally expect there to be some nice movements the other direction in the relative near term minus a market meltdown.
People who get every share price movement right exist only on the internet. Until I meet one of them in person, I'll stick to common sense.
John
Dory,
I think it is the other way around. There is enough demand at $2.00 to keep us at $2.00. There are some reasons for supply at $2.00. Minus a market meltdown, I suspect things will improve dramatically in the next 60 days, but let's see what happens at $2.00 first. All in my opinion.
John
I think we can all take away the fact that we should expect to see continued growth for the foreseeable future. Obviously the pace of this growth has not inspired the kind of buying everyone would like to see, but the opportunity pipeline is growing which will serve to reinforce the growth cycle. It is no longer just Wave and a limited circle of techies who believe this tech is for real. The inflection point is still in front of us, but now we have the comfort of growth and new business to soften the dissatisfaction of the pace of the journey.
John
Awk, Ramsey, or someone else with reasonable knowledge on Dell SED drives -- is there anyone available to answer a few questions off-line?
TIA, John
Internet,
unbiased journalism is an oxymoron, especially in the digital age...promoting one's agenda is the new norm. It will be interesting to see what will happen if Wave announces something that moves the stock in the near term. I think there is a lot of pent up demand.
John
Tinypinetree,
I do not think anyone put too much into it. Judging by the limited trading, it seems it was generally ignored by shareholders. To your specific pt, I agree...it was worthless at best.
John
Ramsey, were you able to get a 500 gig encrypted drive? I was told they can only get a 250 gig drive. I know Seagate makes them in 250 gig increments up to a terabyte. The Dell sales people are woefully under-educated on all of their product offerings.
john
Ramsey,
thanks -- will do. I thought it was simpler to do on-line in the past.
John
Dell SED drives:
Does anyone know how/where to choose the SED drives from Dell? I had no prob finding it when I was looking...now I am trying to buy and cannot find where I can choose the SED option.
Thanks in advance.
On a separate note, things still look good to me.
John
There are plenty of reasons to believe upward pressure will continue. No need to raise capital with rising revenues in a growing sector.
Lugan,
there is an opinion. The documentation is a blog.
John
Waveytrain,
imo, we are not that far away from breakout 2.0 minus a major drop of the broader market.
Berger interview:
Encino,
hmmm...the share price has been rallying and still remains close to five-year high levels. All of the technicals have looked good on Wave for quite some time and as a result many day traders began watching as evidenced by a bunch of new handles on the board. Some claiming they do not even know what the company does. At that pt, buying begets more buying. Once the "easy money" opportunity disappeared, the day traders pulled back and probably some nervous nellie wavoids as well. Fortunately, for long-term holders there is a lot more to this story and more good things brewing. I have a hunch we will see day traders returning in tighter and tighter intervals. All the pieces are in place for continued, steady, increased growth. This will be interesting. Count on it.
John
Awk,
you're the first person to put out a likely PE in a while. I have seen a lot of speculation that Wave's PE will be like Ford's or GM's.
Now we just need to continue to improve the E.
Donald, day traders will always buy hot stocks. Institutions report holdings. Wavoids and daytraders do not.