Thoughts on HP’s Delay on Seagate Drive
While waiting for the flu to subside I entertained myself by mulling over this intriguing puzzle, trying to clarify the possibilities, trying to see if this can be figured out. This is a long post and only the ruminations of a non-expert....
There seem to be three categories of explanation:
1. They’re not ready.
2. They’re in no rush.
3. They’re waiting for something.
So, to expand on these:
1. THEY’RE NOT READY
They’re just not ready yet; they’re working on setting it up. After all, NEC just got going, and Dell’s start was so slow as to make you wonder how ready they actually were until recently.
2. THEY’RE IN NO RUSH
This category could also be called “waiting for demand.” A scenario like this: HP sees their SafeBoot bundle as a competitive advantage. Their customers are not asking for the Seagate drive, they are happy with SafeBoot. Customers may not even have heard of hardware-based FDE, and if they have, they appear to believe that even if it is more secure, software FDE is secure enough to protect data and cover companies legally. When demand heats up, or if HP believes they are losing customers, or if some kind of clear evidence emerges that only hardware encryption will satisfy legal requirements, HP will offer the Seagate drive.
Problem with this explanation: Why not offer it now anyway? No sense just sitting there and letting Dell get the jump on you. Also, in the Q3 cc Q&A, SKS indicated that there are software FDE customers who are not at all satisfied: “We also have customers where they have an existing software full disk encryption and they are just ecstatic that there is a something that is a better solution with hardware.”
3. THEY’RE WAITING FOR SOMETHING
Waiting for Something Concerning Hardware.
--- Preferred Hardware Supplier. They are waiting for a preferred supplier such as Hitachi to come forward with their full disc encrypting drive.
Problem with this explanation: it would mean HP is rejecting Seagate even as a second-source supplier. Otherwise, why not offer Seagate now while waiting for the preferred vendor?
--- Drive Supply Shortfall. HP doesn’t believe Seagate can get them enough product to satisfy their customers. They don’t want to offer something they can’t deliver.
If this were true, it might explain Dell’s slow start and NEC’s late entrance. But if this were the case, you would think SKS would have told us. It would be too important as an explanation for Q3’s poor results to keep quiet about. Of course, he didn’t throw Dell under the bus for Q3 so I guess he wouldn’t turn on Seagate either….
--- Desktop Version. They’re waiting for the desktop version so they can offer their customers a full-line solution.
This is from the interview with Intel’s Steve Grobman, right near the end. The link is in Taxi vader’s message # 156521: “The other big thrust that we’re amazingly excited about is extending our full set of vPro technologies into the mobile segment. I think as I said this morning IT doesn’t buy desktops and notebooks. They buy business lines. Some have to be desktops, some have to be notebooks. As I’m looking at the problem in that way and making sure that the same solutions are available in both product lines - will give both the end IT guys and ISV’s like Altiris and Symantec the ability to develop a broad set of business products targeted at solving IT’s problems.”
This is a possible explanation, but it seems remote.
Waiting for Something Concerning Management Software.
--- Preferred Management Software Supplier. They’re waiting for SafeBoot/McAfee to develop management software for the Seagate drives.
As we know, SafeBoot encrypts laptop and desktop hard drives as well as other devices, and manages this from a central console. If SafeBoot were to also manage the Seagate drives, HP could trump Dell by offering customers the world’s most secure notebook as part of a complete, unified encryption solution: hardware encryption for new laptops (for those that recognize its value) plus software encryption for their legacy laptops, desktops, and other devices, all with one central management console.
SKS said in the Q3 cc that some of the delay in purchases was occurring due to customers having to decide how to encrypt their legacy machines, so we know this is a concern for at least some customers. (“There are those that do not yet have any form of data protection solution and so they’re trying to figure out what to do. And clearly hardware-based full disc encryption is a great way to move forward, but they also have to address how they’re going to handle their legacy installed base.”)
We also know from SheldonLevine’s post # 155927 that SafeBoot is working with Intel on vPro, which tells us they are not blindly committed to their software encryption and ignoring everything else.
This certainly is the most substantial reason and seems like a compelling argument, assuming that SafeBoot could have assured HP that it won't take forever.
Dell Countermeasures: If this did happen Dell could respond by aggressively marketing the TPM and Wave’s TPM-based security solutions. Or Dell might try to prevail upon McAfee (already working with Dell) to add support for Wave’s software to their management console, something McAfee is doing with other companies’ software.
++++++++++++
Anyway, based on this it looks like the most likely explanation is either that HP is just not ready or they’re waiting for SafeBoot. I guess we’ll know soon enough.
Genz, I think, given Wave’s potential,
that $150 million is way too low, also. But I chose that number because it is twice the current market cap, and I wonder if Boards can refuse that kind of a premium.
Possibly this needs some research. I guess they could refuse anything they thought wasn't fair, and in Wave's case, I doubt that shareholders would object if the Board did refuse such an offer.
It's also worth noting that McAfee paid only $350 million for SafeBoot, and SafeBoot has over 4,000 customers, was profitable, and expected about $60 million in revenues next year.
SafeBoot/McAfee Watch
I’ve been looking into SafeBoot/McAfee ever since I learned on the board that SafeBoot has central management and auditing capability, and one of the reasons I’m posting this is that I hope that some of the people on the board with more expertise will take an interest and try to assess the McAfee situation.
Clearly things are moving in Wave’s direction. But McAfee’s purchase of SafeBoot, to me, changes the competitive landscape.
I see three fairly obvious possibilities for McAfee, with their new (April ’07), young, and aggressive CEO. I believe they will do one of the following:
1. PARTNER WITH WAVE
-- McAfee wants their central management console to be all-encompassing for their clients, as they know companies don’t want to be juggling a lot of different central management consoles for security.
-- McAfee could license Wave’s software to run on their console, as they are enabling their console to run other companies’ software. (I can’t remember in which of the things I listened to or read that I heard or saw this.)
-- I think this is the best scenario for Wave, but the least likely. It would be reminiscent of IBM licensing Microsoft’s O/S rather than buying it or writing their own (which I guess they didn’t do because of time constraints?)
2. BUY WAVE
-- McAfee has over $1 billion in cash
-- They want to do more small acquisitions.
-- Can they make an offer that Wave’s Board can’t refuse? I don’t know much about a Board’s fiduciary responsibility and all that, but, for example, could the Board refuse $150 million, twice the current market cap?
-- If Wave had thousands of customers, I think this would be the most likely scenario. But Wave doesn’t have many customers yet.
3. DEVELOP CENTRAL FDE HDD MANAGEMENT (AND LATER, TPM MANAGEMENT) SOFTWARE IN-HOUSE
-- Where SafeBoot might not have done this on its own, McAfee almost certainly will (that is, if they don't partner with or buy Wave or one of the small companies that also are working with Seagate). As far as I can tell from their conference calls, they want to take over the world security-wise. They would have to be fools not to see that hardware encryption is better than software and that many of their customers will want it for new machines. This, I think, is the most likely scenario. They would be a formidable competitor.
-- Note that even if this does happen, Wave can find its way to viability, as there are lots of customers out there.
+++++++++++++
Note also that if McAfee partners with or buys Wave, or develops its own FDE HDD management software, this would answer the puzzling HP question.
+++++++++++++
As I said at the beginning, I hope that some of the people on the board will take an interest in McAfee (or other possible competitors) and try to assess the situation. I know that it’s easier for me to look at competitors because I have only been invested in Wave for about 8 months, not 8 years (though I have managed to lose half my investment in that short time).
As the encryption market heats up and Wave finds itself in that market, the whole competitive scenario is now becoming more interesting and important. The more we know about it, the better off we will be.
Answer to ERAS Question; Help for timmers?
Part of my post #155641 was as follows:
“...from Wave’s Q2 CC on seekingalpha: “But one of the key aspects of this is that when an ERAS server is put in administrative control of a remote drive, it's impossible for a local administrator to turn off the encrypting capability of the drive without going through the server...."
1. Re ERAS: Does this mean that a local administrator CAN “turn off” encryption, but it will be known because they are going through the server? Or does it mean that they can’t do it without some sort of higher-level sign-off because they are going through the server?
++++++++++++++++++++
The answer was provided in the last question in the Wave, Seagate, ASI “Laptop Data Security, Learn How It’s Done” presentation, the link to which was provided by xxxxcslewis in post # 155996 and #156129.
Also, there are some interesting statements about the simplicity of the environment supporting its tamper-resistance, and the ability to have local administrators who can perform some tasks but can’t affect the encryption.
Q. How are passwords and keys managed in the drive?
SKS. So, in that sense what happens is, inside the encryption engine in the firmware that drives the encryption engine, is a combination of both encryption and access control. And so access control basically has a list of authorized users and their passwords and that list is the list of users who can use that specific drive. And there’s both the concept of users as well as administrators. And so if I’m a user and I log in, I provide my user ID and a password, it gets checked in the access control list, and if that functions then the key is permissioned to be in essence inserted into the encryption engine and the data on the drive can be now encrypted and decrypted.
The purpose of the administrative function is to then take advantage of these other features of the Drive Trust Technology, for example secure erase, changing users and passwords, etc. And so I can set an administrative password that would allow me either, in the case of a local machine where it’s not centrally administered ____ local administrator actually typing into a specific machine. Or if it’s centrally administered then what we actually do is turn off local administration and move all the functionality to the central server, and by doing that only the central server’s then got permission to turn the drive’s encryption, for example, off and on or change specific users.
And one of the reasons we do this is that it generates this secure audit because now we have a very tamper-resistant client environment. I know it’s always going to do what it’s asked to do because it’s a very simple operating system. I don’t have millions and millions of lines of code like you do with a Windows environment. I just have to ensure that this little simple machine is capable of doing its task.
And the administrative server, which will log every command that’s sent to every individual drive so that the corporation can prove that this drive was turned on on the first of July at this time and it was either never turned off or it was turned off for a day at this point in time for some reason and these were the users installed. And so you really have a very strong audit capability because now I know the state of the local machine and I have all the commands centrally administered from a centralized server. And so that ultimately helps us to both manage the passwords and the keys of the drive.
So you have a solution that can scale to hundreds of thousands of users as part of their existing Active Directory solution and really secure the enterprise all the time regardless of whether you have a local administrator who might have the ability, for example, to install a new version of Windows or change your applications or do all those things, but there’s nothing that the local administrator can do that will affect the protection of the data on that machine. If five minutes after the administrator’s done you boot the computer, you know that the state of that computer is good and that the drive is protected.
I think it is interesting to put the Ohio SafeBoot purchase in context. (I also think it might be worthwhile in general to pay attention to SafeBoot, as I wonder if they might not become a strong competitor: is there any barrier preventing them from expanding the capability of their “Management Center” to manage TPM’s?)
The first link is to the October 1 PR announcing that SafeBoot won the contract for the U.S. Department of Agriculture, which also mentions the states:
“The DAR initiative, besides making enterprise-class encryption technology available to all federal agencies at very aggressive pricing will, for the first time, provide these capabilities to state and local governments. To date, five state governments have signed on with the SafeBoot-Spectrum promotion.
“SafeBoot, together with Spectrum Systems, is proud to be selected as the first recipient of the DAR enterprise-class encryption initiative for deployment throughout the agencies of the United States Department of Agriculture,” said SafeBoot CEO Gerhard Watzinger. “SafeBoot recognized that state and local governments have had to struggle for the opportunity to purchase encryption in higher volume and we are pleased to extend this opportunity and help build this critical part of our nation’s infrastructure.””
http://www.safeboot.com/press/Repeater_DataSource_newdb.aspx?NewsID=110
The second link is to an article about the Ohio purchase, which mentions other potential customers:
“The state has reached a purchasing agreement with SafeBoot, software that can protect data on laptops, memory sticks, CDs and other data storage devices…. Besides state agencies, city and county governments, schools, colleges and universities will be able to purchase the software at a discounted price through the state."
http://www.examiner.com/a-1092553~State_chooses_encryption_software_to_protect_data.html
Too bad Wave can’t hire their marketing people.
Questions re ERAS Audit vs. SafeBoot Audit
This is from Wave’s Q2 CC on seekingalpha:
“But one of the key aspects of this is that when an ERAS server is put in administrative control of a remote drive, it's impossible for a local administrator to turn off the encrypting capability of the drive without going through the server. As a result, we have a very strong centralized audit log that a machine has a drive in it, the drive is either in encryption mode or not in encryption mode.”
1. Re ERAS: Does this mean that a local administrator CAN “turn off” encryption, but it will be known because they are going through the server? Or does it mean that they can’t do it without some sort of higher-level sign-off because they are going through the server?
2. Re SafeBoot’s auditing capability: Does anyone know whether a user can turn off encryption with SafeBoot and other software-based encryption? And secondly, if they can, would it be known by the Management Center?
I wonder if there is anyone here who can provide clarity on this? This would give us (and timmers’ company) a better understanding of what kind of protection and what kind of audit trail SafeBoot is providing. Is it the equivalent of ERAS or something less?
oclv99, just for clarity, the revenue numbers are go-kitesurf’s.
Not to put words in anyone’s mouth, but I think his point was that if Wave can add $1 million in revenue in Q4, the trend should be towards getting to at least break-even by Q2 ’08. And if they do that, then their current cash should be able to see them through. (So I guess in a way I shouldn’t have bothered about the strict accuracy of the figures because he was probably making a general point and could just as easily have used slightly higher revenue figures to make his point.)
Anyway, you seem to be agreeing with that point of view, or you are saying that if they can give assurances that they will be at break-even by Q2 or Q3 they could get cash on decent terms before then if they need it.
I hope that is true. It's possible, though, that until a company actually IS sustaining itself that it’s hard to raise cash on decent terms. You have to wonder, for example, if bankers would be willing to loan Wave money unless they could see actual contracts that would come into play in the next quarter or so. Mere guidance from SKS might not be enough.
My feeling is that, aside from some tax selling, it is the prospect of another cash raise that is affecting the stock price. So I just hope Q4 is an upside surprise, or that January (Dell's final Q4 month) is a blow-out.
An error in my previous post.
I forgot that there were non-cash expenditures included in the COGS and in the opex figures. In Q3, a total of $543,000 for stock-based compensation and $95,000 for depreciation and amortization. (By far the lion’s share is in opex, so I will put it all there for convenience.) Relying on Q3 numbers, that would change the forward results as follows.
5.8 Cash opex in Q3
88% Gross margin in Q3
7.8 Cash at the end of Q3
3.0 Projected revenue in Q4
2.6 Gross profit
4.6 Cash at end of Q4 (7.8 + 2.6 – 5.8)
(vs. 4.0 in previous post)
4.0 Projected revenue in Q1
3.5 Gross profit in Q1
2.3 Cash at end of Q1 (4.6 + 3.5 – 5.8)
(vs. 1.1 in previous post)
6.0 Projected revenue in Q2
5.3 Gross profit in Q2
1.8 Cash at end of Q2 (2.3 + 5.3 – 5.8)
(vs. 0.0 in previous post)
I fear, however, even with this change, that they would need to raise cash in Q1 at these revenue levels.
(Cash levels are also affected, of course, by things like receivables and payables, and SKS has mentioned that one reason why they pay management partly with bonuses is so that they can time those payments, and thereby manage cash levels to some degree....)
go-kite
Unfortunately, based on your revenue projections Wave doesn’t have near as long as you project to gain traction before it needs to raise cash again.
-- As 24601 pointed out, cash at the end of Q3 was $7.8 million
-- Operating expenses in Q3 were $6.4 million
-- You are forgetting Cost of Goods Sold, which in Q3 produced a gross margin of 88%
I think this is the correct way to figure it, using Q3’s operating expenses and gross margin:
6.4 Opex in Q3
88% Gross margin in Q3
7.8 Cash at the end of Q3
3.0 Projected revenue in Q4
2.6 Gross profit (88% of 3.0)
4.0 Cash at end of Q4 (7.8 + 2.6 - 6.4)
4.0 Projected revenue in Q1
3.5 Gross profit in Q1 (88% of 4.0)
1.1 Cash at end of Q1 (4.0 + 3.5 - 6.4)
6.0 Projected revenue in Q2
5.3 Gross profit in Q2 (88% of 6.0)
0.0 Cash at end of Q2 (1.1 + 5.3 – 6.4)
At these revenue projections, Wave would most likely raise money in Q1, and these figures assume that operating expenses don’t increase.
Yeaiknow, Seagate/Vista compatibility
Thanks for your response.
Aside from an occasional call to IR, I get all my information from here on the board or from links posted here.
A number of prior posts alluded to the fact that the Seagate drive worked only with XP, and that it was a problem that Microsoft needed to fix, not something Seagate could do. For example, this is from weets’ post #152557 from 10/02: "FDE/Vista compatibility is coming & I believe SP1 should be the answer. This was strictly a Microsoft problem, Wave & Seagate were good to go."
Based on go-kitesurf’s post #155260, I’m glad to hear that it now works with Vista.
timmers, a few thoughts
I'm not an expert, but I'm going to throw my two cents out there again.
On the one hand, this question is complex in the sense that there are a number of byways that would need to be addressed:
-- the fact that HP does not yet offer the FDE drives
-- the fact that the Seagate drives do not yet work with Vista
-- whether all your SafeBoot implementations are storing keys in software vs. in the TPM
-- the fact that using software encryption for legacy machines is possibly the best solution vs. retrofitting FDE drives, which I believe SKS himself acknowledges. (Note here that I think you need to make it clear that you are suggesting Seagate/Wave for new machines.)
But putting those things aside, it seems to me that it comes down to the following:
Since your IT department doesn’t seem to mind the performance degradation from software encryption or the possible inconvenience surrounding installing new software, it comes down to two things:
1. Is the data safe?
Are encryption keys that are stored in software hackable, as SKS said in his post?
2. Is the company protected?
Will software encryption prevent the necessity of reporting a stolen laptop?
(Possibly the answer to this is not yet known.)
I think both of these things would need to be thoroughly researched by you or by your compliance people before they could have a useful conversation with the IT people. (Or Wave would have to address these two questions fully.)
Just a note on the “in hand” phrase
Initially I thought that “business in hand” meant customers who were committed to buying the software (which would essentially make SKS a liar). But I happened to be re-listening to the Q2 ’07 CC and he used the term there to mean “active prospects.” This is how he answered a question about the size of the sales force at about minute 40:
“I think part of that is also just even on the sales force side. If you look at the sales guys today, they are at or reaching capacity to manage the accounts they have in hand today, and so that's something we are very focused on now.”
It still means that SKS and his sales force aren't very good at judging prospects' intentions, so your point that "we have no way of knowing where we are" may be very true.
timmers, article by a lawyer
A link to this article was posted by Dory in message #152268. Dory described New England In House as “a magazine for corporate in house counsel.”
This article is not specific to SafeBoot but it is specific to software encryption vs. hardware, and it mentions the Seagate drive and Wave.
It is concise and well-written, the author is a lawyer, and it might be the perfect article to give to your lawyers. I think it clearly makes a lot of points that you want to make and your lawyers may be very happy you gave it to them.
(It also covers the use of the TPM.)
http://www.newenglandinhouse.com/gateway.cfm?id=591
Preventing a ‘CNN Moment’
By Jeffrey J. Upton
Reports of data theft are on the rise, and whether the actual number of incidences has been rising, we are hearing about it more and more.
The response has been yet more legislation, FTC enforcement actions and a growing list of class actions filed by consumers and banks.
Most states, following California’s lead, have passed legislation requiring the prompt disclosure of the loss or theft of personal data, and federal legislation is pending. In August, Massachusetts enacted a law requiring, among other things, the prompt reporting by companies of the loss or theft of personal information. (Chapter 82 of the Acts of 2007.)
Publicly announcing the loss or theft of sensitive data – a circumstance that has been coined a “CNN moment” – has become a common nightmare for many corporate officers. Two thousand laptops are stolen every day and, according to a survey conducted by McAfee, a security software company, one third of the respondents believed that a major security breach could put their company out of business.
It obviously makes good business sense to protect sensitive data with firewalls and encryption, but increasingly companies are being required to take steps to protect stored data, or “data at rest,” by industry-specific laws and regulations.
Such laws include HIPAA, applicable to health care providers, and the Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA), applicable to banks and many brokers and insurers.
Recently the Fair Trade Commission has filed enforcement actions against companies in other industries, such as Microsoft, BJ’s Wholesale Club, Tower Records and a number of others, based on an alleged failure to take adequate steps to protect customer data. The FTC claims this is an unfair and deceptive act that violates section 5(a) of the FTC Act.
And, of course, the frequency of reports of lost or stolen laptops and data security breaches has enabled plaintiffs’ lawyers to persuasively argue in negligence actions that such incidents are reasonably foreseeable, and that a failure to take adequate steps to protect personal information stored on such devices is a breach of the duty of care.
Steps to take
But what steps would be considered sufficient in the face of a data security breach to defend against a negligence claim, or to avoid a statutory disclosure obligation? One might assume that simply putting up a firewall on the company’s network, adopting strict security policies and loading the laptops with encryption software would be sufficient.
Unfortunately, it’s not that simple. Encryption of sensitive data is a minimum requirement to establish a defense to a claim of negligence in its loss or theft. The problem with software-based encryption is that it is “hackable.” A case in point is TJX, which claims that the data stolen from its network was encrypted. The thieves apparently hacked the keys.
Software-based encryption used on laptops and other portable devices bears the further frailty that its effectiveness depends upon the user observing company policy respecting its use. As any IT administrator will confirm, establishing policies regarding computer use does not mean that they will be followed.
Generally speaking, encryption software falls into two categories: file/folder encryption and full disc encryption. Each has its flaws. File/folder encryption software either requires the user to take the affirmative step of encrypting a file or folder when it is saved, or to set up protocols such that all files and folders of a particular type will be automatically encrypted when they are saved.
In either case, the user can either intentionally or inadvertently fail to encrypt sensitive data. Full disc encryption, on the other hand, automatically encrypts nearly all data on the hard drive. After loading the software it can take several hours to encrypt all the data on the drive, and several more to decrypt it.
While using the software, system performance decreases approximately 30 percent. As a consequence, many users succumb to the temptation to disable it, which they have the ability to do.
While software-based encryption, properly used, may protect a company from damages associated with the improper use of stolen data, it may not protect a company from the requirement to disclose the loss or theft.
In view of the growing body of legislation requiring the prompt reporting of lost or stolen data, the trend is that in order to avoid the disclosure requirement a company must be able to provide an audit trail demonstrating that the data was encrypted.
It is unclear whether simply proving that the laptop or portable device was loaded with encryption software will meet these requirements. If the user is able to turn off the encryption function, or must take specific steps to encrypt files, the company may be unable to satisfactorily prove that all sensitive data was encrypted. The company couldn’t take advantage of the safe harbor provision of such statutes.
Technology help
The best solution to both encrypting data at rest and providing an audit trail has just arrived on the market in the form of full disc encryption (FDE) hard drives. This summer, Seagate Corporation, the world’s largest hard drive manufacturer, launched the first commercially available FDE hard drive for laptops.
Hitachi has also just released an FDE drive but software is not yet available to manage the drives in a network environment. Seagate’s drive is compatible with software from Wave Systems Corporation to perform key back up and remote administration functions. FDE drives for desktops should be available from both companies in several months.
FDE drives present the most secure way to store data at rest, as the encryption function cannot be turned off by the user. Nor is there any temptation to do so, as the encryption function operating at the hardware level is performed invisibly, with no reduction in performance.
Further enhancing the appeal of FDE drives is the fact that they cost no more than a standard drive plus the price of an encryption software product. Thus, FDE drives are equal in cost to software encryption, superior in performance, and using FDE drives enables a company to irrefutably demonstrate that lost data is encrypted and to avoid the need to report lost or stolen laptops.
The future of network security is also hardware-based, according to the Trusted Computing Group. The TCG is an organization comprised of approximately 160 of the leading computer hardware and software companies around the world, creating and advocating the adoption of open standards for more secure, or “trusted,” computing.
The cornerstone of the TCG’s efforts has been the development of the Trusted Platform Module, a computer chip integrated onto the motherboard that, among other things, stores passwords, cryptographic keys and digital certificates. It can also securely generate and limit the use of keys.
Because the information stored on TPMs is protected by hardware, it is nearly impervious to both physical and software attacks. Each TPM is uniquely identified, which allows a network to verify that the user seeking access is who he says he is, and that the software on the remote device seeking access has not been tampered with, before granting network access.
In large part because Microsoft has required computer manufacturers to include TPMs in their products in order to meet logo compliance requirements for the higher-end versions of its new Vista operating system, nearly all laptops and desktops purchased by businesses today (and for the past year) are equipped with TPMs.
Most buyers don’t even realize it, as TPMs are simply included on the machine and not an additional cost option. Moreover, their presence is undetectable unless you look for them, as they are “off” when they are shipped and need to be “turned on” before they can be used.
TPMs can be used to verify that the computers connected to a network are authorized to be connected and in an unadulterated state. TPMs can also greatly improve password security, as they can be used to store all of the user’s various passwords securely.
The user need only remember one password to log onto the PC and the TPM then authenticates the user to the various sites where the user has a password-protected account.
The advantage is that a user need only remember one password (ideally one that is long and difficult to guess), and there is no need to store a list of the user’s other passwords in an unprotected file or in hard copy form, which could be surreptitiously viewed.
TPMs can also be used to strengthen the security offered by biometric devices, such as fingerprint scanners, and smartcards.
All sensitive data on laptops, PDAs, flash drives and other portable storage devices should be encrypted. At least, in this way, a company can reduce the damages associated with the loss or theft of such data.
However, to avoid the “CNN moment,” a company must be able to prove that the data was encrypted. Software-based encryption alone may be insufficient to avoid the spotlight.
Jeffrey Upton is a shareholder at Hanify & King in Boston. His practice focuses on general business counseling and litigation, real estate and employment litigation, arbitration and mediation and intellectual property. Jeffrey can be reached at 617.423.0400 or jju@hanify.com.
Q3 2007 CC Transcript
As we’ve not yet gotten a transcript from seekingalpha.com, Dutton, or accessmylibrary.com, and since Unclever has unfortunately not yet returned, I’ve posted a transcript of the Q3 conference call over on investorvillage.com (message 149 on the WAVX board).
Possibly someone who knows about these things can copy it and upload it in some other format, if that is needed.
I wanted some excerpts to send to people who I have gotten into Wave, and then I went into obsessive/compulsive mode and did the whole thing. I chose investorvillage because it posts text cleanly.
http://www.investorvillage.com/smbd.asp?mb=4049&mn=149&pt=msg&mid=3477794
Maxtor USB Drive with Encryption
This is interesting because it’s a specific new encrypted drive - and the info is straight from the horse's mouth. No date given, but as I recall they had it - or something that represented it - in their hands.
This is a copy of my post #153251 on October 19th.
Seagate's Watkins on PBS Nightly Business Report
About minute 23:
ANNOUNCER: This little guy is a disk drive which plugs into the USB port on your computer and holds 160 gigabytes of data. It is the Maxtor One-touch 4 from Seagate and it sells for about $140. Whatever the make or model of your computer, it is very likely to have Seagate storage drives inside. Keeping computer data secure is a major concern for business, and Seagate’s CEO Bill Watkins said his company is providing a solution to that and other problems in its newest models.
WATKINS: One of the products that we’re launching is a back-up drive, the Maxtor, where we’re really giving you bare metal back-up. We allow synchronization of your content to other devices, things like that. Terabyte storage. And along with that we put encryption. And what we have created is a new encryption technique using a chip that encrypts all your data at the interface, and so it’s absolutely foolproof.
ANNOUNCER: Watkins also made news recently warning that China is looking to buy data storage technology. He says he didn’t mean that they were trying to take over Seagate.
http://www.pbs.org/nbr/info/video.html
This link is for the current show so will only work for today for the October 18th show. Maybe this show can be found later in archives.
Snack, I didn't intend for my post to sound so harsh. It’s been preying on my mind, so now I’ve gotten out of bed to explain.
1. When a sale is made and the cash is received:
Debit (increase) Cash
Credit (increase) Income
The revenue is recognized, as can be seen by the entry to Income, and the transaction is done.
2. When a sale is made and the cash is not yet received:
Debit (increase) Accounts Receivable
Credit (increase) Income
Again, the revenue is recognized, even though the cash has not yet been received.
When the cash is received:
Debit (increase) Cash
Credit (decrease) A/R
No effect on the Income account as the revenue has already been recognized.
3. When cash is received but the revenue cannot be recognized yet:
Debit (increase) Cash
Credit (increase) Deferred Revenue (liability account)
As the revenue is recognized:
Debit (decrease) Deferred Revenue
Credit (increase) Income
Now the revenue is recognized in the Income account.
Best wishes.
Snack,
May I humbly suggest that you do a little research into the applicable accounting before you keep digging a deeper hole.
Player may not be explaining it too clearly, but he is correct.
Ramsey, thanks. eom
Dell Launch Delayed til September?
Ramsey,
“Q3 revenues don't matter much IMO, given that the Dell FDE launch was delayed well into September.”
I’ve been buckling down lately and trying to read more posts but I missed anything about Dell’s launch of FDE being delayed until September. I had thought they started shipping at the end of July.
I did read, for example, Dory’s post #150684 at the end of August concerning the conversation on a plane with a Dell employee about how Dell couldn’t ship the drives fast enough: “Then he ranted for a few minutes about the delays and demand respecting the FDE drives, how they can't ship them fast enough, and how everyone was nagging him -- even Wave -- because they were sending Dell orders or customers and couldn't get delivery dates soon enough for their liking.”
I didn’t interpret this as meaning that orders were not being shipped, but rather that Dell couldn’t keep up with demand.
If you have the time, could you give more details concerning your timeline? Possibly you meant Dell didn’t get a large amount of FDE drives until September??
(I've gotten a couple of friends into Wave with small positions, telling them that there should be a couple of months worth of FDE-related revenue in Q3....)
Go-kite,
I often play around with Q3 numbers in idle moments, so I would really like to understand your figures.
This is from your post #153695
4,000 FDE sales = $50*4000 = $200,000
4,000 ETS upgrades = $50*4000 = $200,000
Some ERAS sales = $100,000?
That's $500,000
Add 1.5 with 0.5 and you get a 2 in front.
If they couldn't sell 4000 each in Q3, that will disappoint me.
++++++++++++++++++++++++++++++++
This is an example of my latest thoughts:
20,000 FDE w/ ETS/TDM bundle = $7 *20,000 = $140,000
10,000 ERAS sales for FDE = $50*10,000 = $500,000
1,000 ERAS sales for TPM management = $50*1,000 = $50,000
1,000 EAS sales = $50*1,000 = $50,000
1.5
+0.140
+0.500
+0.050
+0.050
= 2.240
So I get similar Q3 revenues with very different FDE sales estimates....
++++++++++++++++++++++++++++
Is it possible that your first line, “FDE sales,” should have been for $7 instead of $50?
Or are you saying something like the following:
-- “FDE sales” at $50 means ERAS sales for FDE drives
-- “ETS upgrades” at $50 means upgrades to the full client ETS for customers who previously got ETS lite. I don’t think I can be right here because it would seem that a corresponding number of server upgrades would also be bought.
-- “Some ERAS sales” means ERAS sales to manage TPMs.
If you have the time, could you give more detail? I just can’t quite figure it out.
Thanks very much.
+++++++++++++++++++++++++++++
P.S. This is from SKS' July 30 presentation:
Around minute 14, a confirmation of the market’s growing interest in full disc encryption:
“There is an existing group of players that produce software-based full disc encryption, companies like Utimaco, PointSec, Safeboot, Credence, and others. And they’re actually starting to see an interesting upsurge in their market as well, as the enterprise-at-large, both government and corporate enterprises, realize that all data on all laptops should be encrypted.”
Then he talks about the advantage of the Seagate drive.
Then about minute 17:
“This is a product that should easily move into tens of thousands of units and then hundreds of thousands of units a quarter.”
Seagate's Watkins on PBS Nightly Business Report
About minute 23:
ANNOUNCER: This little guy is a disk drive which plugs into the USB port on your computer and holds 160 gigabytes of data. It is the Maxtor One-touch 4 from Seagate and it sells for about $140. Whatever the make or model of your computer, it is very likely to have Seagate storage drives inside. Keeping computer data secure is a major concern for business, and Seagate’s CEO Bill Watkins said his company is providing a solution to that and other problems in its newest models.
WATKINS: One of the products that we’re launching is a back-up drive, the Maxtor, where we’re really giving you bare metal back-up. We allow synchronization of your content to other devices, things like that. Terabyte storage. And along with that we put encryption. And what we have created is a new encryption technique using a chip that encrypts all your data at the interface, and so it’s absolutely foolproof.
ANNOUNCER: Watkins also made news recently warning that China is looking to buy data storage technology. He says he didn’t mean that they were trying to take over Seagate.
http://www.pbs.org/nbr/info/video.html
This link is for the current show so will only work for today for the October 18th show. Maybe this show can be found later in archives.
topseeded, re anchors for stock prices
Needless to say, there are many factors which influence stock prices, but these few paragraphs I found very interesting, and they seem to address your question. They are from Chapter 7 of Robert J. Shiller's book “Irrational Exuberance.” It is under the heading “Quantitative Anchors for the Market.”
"Designers of questionnaires have learned that the answers people give can be heavily influenced by suggestions that are given on the questionnaires themselves. For example, when people are asked to state within which of a number of ranges their income falls, their answers are influenced by the ranges given. The ranges serve as ‘anchors’ to which they make their answers conform.
"Psychologists have shown that people’s decisions in ambiguous situations are influenced by whatever available anchor is at hand. When you must come up with an estimate, and you are unsure what to say, you take whatever number is before you. Psychologists Amos Tversky and Daniel Kahneman demonstrated this tendency clearly in an experiment involving a wheel of fortune: a large wheel with the numbers from 1 to 100 on it, similar to those used in television game shows, that is designed to stop at a random number when it is spun. Subjects were asked questions whose answers were numbers between 1 and 100, difficult questions such as the percentage of African nations in the United Nations. They were asked first to say whether the answer they would give was above or below the number just produced by the wheel of fortune. Then they were asked to give their answer. The experiments found that the answer was quite substantially influenced by the random number on the wheel. For example, if the wheel stopped at 10, the median percentage of African nations according to their subjects was 25, whereas if the wheel stopped at 65, the median percentage was 45. This experiment was particularly interesting because it was designed so that the subject clearly knew that the number produced by the wheel was purely random and, moreover, because the number produced by the wheel should have had no emotional significance for the subject.
"In making judgments about the level of stock prices, the most likely anchor is the most recently remembered price. The tendency of investors to use this anchor enforces the similarity of stock prices from one day to the next. Other possible anchors are remembered past prices, and the tendency of past prices to serve as anchors may be part of the reason for the observed tendency for trends in individual stock prices to be reversed. Another anchor may be the nearest milestone of a prominent index such as the Dow, the nearest round-number level, and investors’ use of this anchor may help explain unusual market behavior surrounding such levels."
Two separate posters: Blue Fin and BlueRiver
Former alias: BlueRiver
When I first realized my alias was similar to a poster who was already here I was afraid it would be confusing. Now I am sure that Blue Fin doesn’t want to be confused with me, as I unintentionally stirred up so much negativity and didn’t even know what gravamen meant.
I’ve changed my alias to: Chance To See
go-kitesurf, I had just finished composing my response and went online to post it and saw SL’s response. This is what I was going to post:
“It looks like your question should be directed to SheldonLevine or another IT person. I thought 'securing the boot sequence' or 'locking the normal boot process' would be what you were asking about.”
Thanks, Ramsey. I will check it out. EOM
Re: Microsoft IT TPM Deployment
I am not an IT expert. I am an investor with, for me, a lot of money at stake. I worked hard to present the issues in an organized fashion.
The thread started with Blue Fin (#147316) asking why TCG members had not deployed TPMs. I took up that question, and SheldonLevine responded by saying that Microsoft was deploying TPMs. My post #147670 was a response to SheldonLevine’s post #147429.
I had hoped that by presenting the issues clearly and seriously I would attract responses from people with more knowledge than I possess who would also address the questions seriously.
MY RESPONSE TO THE RESPONSES
helpfulbacteria,
I will try to ignore the unfriendliness of your post and address the issues.
As I said above, I worked for days to try to digest the facts that SheldonLevine presented and to present the issues in an organized fashion.
1. You “vaguely recall” TraderJoe’s post. I gave the number of TraderJoe’s post (#144186) so that anyone who was interested could check it out. I have no idea how many times TraderJoe posted. I thought the information was potentially useful. (If I had re-edited my post for the 20th time, I would have chosen a word other than “haunted.”)
2. “The post assumes quite a bit.” I didn’t assume anything. I tried to present facts and logical conclusions from those facts. I asked for help in this.
3. “For example, the poster worries about Wave's software being subsumed by Microsoft ….But, in order to BUY that premise, one has to BELIEVE that VISTA uptake is going at a terrific clip. And, I'm sorry, I've not read a single article in the past month or so that indicates that VISTA is being rapidly adopted.”
“I don't think one can infer from anything that Sheldon posted that SUBSUMPTION is moving at a faster or slower pace”
The point is that Microsoft seems to have gone out of its way to put TPM-related functionality into Vista that is not strictly needed for file encryption. This signals to me that they are ready, willing, and able to encroach on Wave’s territory. And one of those functions, software state attestation, implies to me, a non-IT person, that they will use a version of that with their network access control product, and so Wave’s EEE won’t be necessary for companies using Microsoft’s NAC.
4. “The post also expresses seeming surprise that there are (or even could be) TPM implementations that don't include Wave” See my response to Ramsey below.
5. I think you should be more concerned about the “gravamen” of your own post. (Possibly you meant “gravitas”?)
+++++++++++++++++++++++
Ramsey,
Thank you for your response.
You say “the reality is the OEMs are not positioned like Wave to offer the software upgrades enterprises need to implement Trusted Computing.”
helpfulbacteria says, “The post also expresses seeming surprise that there are (or even could be) TPM implementations that don't include Wave. Well, I guess I'm surprised that the poster is surprised. Haven't we known that, for example, HP has at least a couple of TPM reference customers--one of them I believe is a hospital in Germany?”
So, we have TraderJoe’s list (if true) of companies deploying TPMs without Wave’s infrastructure software. Helpfulbacteria speaks of “at least a couple” of HP examples. And SheldonLevine revealed that Microsoft is deploying TPM’s without Wave’s infrastructure.
So, is Wave’s software necessary for a large-scale deployment? It certainly doesn’t look like it, does it? Maybe there is a benign reason these companies have not employed Wave’s software. Maybe they will in the future. I don’t know. I’m trying to find out.
Re Your Post Concerning Traderjoe’s Post: I had asked TraderJoe what those companies were using for server-side software. You responded that you doubted that they used Wave-type server management, that the enterprises’ PCs were probably from one vendor, and that the implementations were probably free. I was glad to hear that and I appreciated your post. At that time I was just glad to hear that there were no competitors - at least, that is how I interpreted your statements. I didn’t think further at that time, to say, “Well, how can these companies be deploying TPMs successfully without Wave or Wave-type infrastructure?” I should have responded to your post with a “thank you.”
Re: MSFT IT TPM Deployment
FROM SheldonLevine’s POST #135919
“5. BitLocker uses a startup key plus a user-supplied PIN to secure the boot sequence. The startup key can be protected by the TPM or it can be stored on a USB drive.”
FROM MICROSOFT LINK SUPPLIED BY SheldonLevine IN POSTS # 147408 AND # 147418 (link is below)
Under “Overview of New Functionality”
BitLocker also offers the option to lock the normal boot process until the user supplies a personal identification number (PIN) or inserts a universal serial bus (USB) flash drive that contains keying material. These additional security measures provide multifactor authentication and assurance that the computer will not start or resume from hibernation until the user presents the correct PIN or USB flash drive.
PREVIOUS THREADS
There were some threads on this back in January. Some posts are within the same thread as # 135919 and others are in separate threads.
MSFT link:
http://www.microsoft.com/technet/itshowcase/content/vistasecurity_twp.mspx#EUD
Re: MSFT IT TPM Deployment - SL
SL,
Thank you for re-posting the links. I didn’t read them at first because
1. I thought BitLocker/Vista’s only interaction with the TPM was to use it for file encryption.
2. I assumed that any company (particularly in the TCG) that was deploying TPM’s would need Wave’s software to manage the TPM’s.
There are a few intertwined issues here, so I’ll try to keep it organized. This seems really bad to me. If anyone can put it in a more positive light, I would appreciate it.
APPARENT FACTS
-- Microsoft is deploying TPM’s
-- They are doing it without Wave’s TPM management software
-- They are using Vista/BitLocker to back up TPM keys used by BitLocker
-- They are also using Vista/BitLocker to provide pre-boot authentication functionality and pre-boot software state attestation
-- There was a list of large TPM deployments in TraderJoe’s post #144186.
-- Wave has been saying for a long time (I gather) that eventually the functions in its software will be taken over by the operating system.
CONCLUSIONS
-- Microsoft is likely to put all the TPM management and functionality needed for network access control in its NAC product (since that is what they did with BitLocker – and since BitLocker contains the beginning of software health state attestation)
-- Microsoft is taking over Wave’s functions much more quickly than I, for one, anticipated.
-- It is a simple matter for Microsoft to provide updates to its operating system, so at any time it can increase its TPM management functionality (i.e., they don’t have to wait for the next generation o/s.)
-- Any company that is relying on Microsoft for data encryption and network access control does not need Wave.
-- The companies on TraderJoe’s list are doing fine without Wave’s software.
SO WHERE IS WAVE'S SOFTWARE NEEDED?
-- Is currently desirable for enterprise management of Seagate drives (full ETS bundled from Dell, plus server)
-- Can be used for biometric log-on to a computer, consumer Seagate use, consumer web log-on ($.50 from Dell, GTW)
-- Can be used for authentication to a network (upgraded client, plus server – few takers so far)
-- I would like to say it was needed to manage the TPM's in companies deploying TPMs without Vista/BitLocker (or Microsoft’s NAC), but that list in TraderJoe’s post keeps coming back to haunt me.
OTHER WAVE INCOME SOURCES
-- Eventually Wave’s software will be taken over by the o/s (sooner than expected?) and then Wave will make its money from transactions plus ________???
MY CONCLUSIONS
This doesn’t look good to me. Hopefully I am mis-interpreting something.
Any comments would be appreciated.
Re: Does anyone but me question why none of....
SL and cosign, thanks for responding. (I’m still working on my free posts, so I have put my responses together here.)
cosign,
You wrote: "I suspect none of us really know why? and some of them may have opted for TC, but are not publicizing their security measures. This is the kind of question that should have been answered at the ASM...and take a company like Dell...they are out selling this tech, and are they actually using it in house..I would think so, but that isn't the kind of thing that they would pr."
I think we’re going on the assumption that to successfully deploy TPM’s, Wave’s software is needed. How could these companies have deployed TPM’s with no enterprise key management, for example? We need only look at Wave's revenues to see that none of these companies are using Wave's software.
Sheldon,
I think the question has to do with using TPM’s for the company’s own security. Microsoft using TPM’s to support one of the features in their operating system is a different subject I think.
Re: Does anyone but me question why none of
Blue Fin’s original post #147316:
“Does anyone but me question why none of the TCG members have announced or acknowledged the adoption of the TC technology? After all of the CC's about how hot this product is, I thought sure some of the members would have moved in that direction, but not a word except for Papa Gino's.”
The discussion got sidetracked into why individual people aren’t using TPM’s.
But does anyone have any thoughts on Blue Fin’s original question about why TCG member companies haven’t deployed the TPM (as far as we know) in their own companies? Why isn’t Intel or Microsoft or any of the other 173 members Wave’s first big customer?
Isn't it very, very, very puzzling?
One Link at a Time
In the past, I’ve mentioned my dismay at the company’s website.
I noticed some time ago that the “What is a Trusted Computing Module?” link on the home page takes you to an essentially useless page called “Reduce the Cost and Complexity of IT Security.” (Nice title, important subject, cute graphics, but no meat, and certainly doesn't address the question of what is a TPM.)
I kept assuming/hoping that the link would be fixed. (You know, there would be someone responsible for the web site who would periodically check it out.) Today it finally got to me, so I called the sales department. The woman I spoke to was also dismayed that such a crucial link would be incorrect.
It sounded like she would get on it and try to get at least that one link fixed.
Courtesy of Unclever’s site: about $1
Q4 2006 CC 3/14/07
So, on the first basis, this business model is very similar to our standard OEM business model, in that we have licensing arrangements where we supply a lightweight version of our software, either through Seagate bundled with the drive, or directly to a PC manufacturer. And we actually now have both relationships in place. We certainly would expect to expand on our OEM relationships, as time goes forward. There are many OEMs who are sampling drives today, and we certainly look forward to working with them to supply software. We generate north of $1 per drive on a royalty basis for the light version of our software but then we provide enterprise tools that are used to manage these drives. And in order to use the enterprise tools, you have to have a full copy of our EMBASSY Trust Suite client software edition. And so that works out to be between $50-100 upgrade range depending on the feature set that the customer would like.
Q1 2007 CC 5/10/07
We provide client software to help manage the Seagate drive, and we provide server software that provides centralized administration of those drives. The centralized administration software we call EMBASSY Remote Administration Server, and that's where we expect to make the majority of our sales with Seagate, in that the EMBASSY Server is much more of a $50 or $75 per seat model as opposed to there is software that we bundled with Seagate drives in a number of cases, which is typically about a $1 a transaction.
TraderJoe: Re TPM Deployment List
Do you know what these deployments are using for server-side software for TPM management?
Well, I went to Wave’s site to see if I could get more clarity on the functions of the various client-side and server modules and how they relate to each other. I was tremendously disappointed to find that the “Products” section is one of the sloppiest and most confusing presentations of information I can remember seeing. If I have the strength I’ll put together some feedback for the company, but I hope they’re working on it already because this is just plain awful.
In the meantime, I have many questions about the products. Over time I hope to figure out most of it on my own, but I wonder if anyone could answer a couple of questions about the Remote Administration Server. (Since the web site was so bad, I went to the press release, but it gave virtually no concrete information while making it sound like ERAS was going to make the difference between companies adopting or not adopting the TPM.)
ERAS Questions:
1) Since the other Wave server modules already allowed IT to centrally control most (all?) aspects of the TPM, did the Remote Administration Server merely add the ability to activate and de-activate the TPM (in addition to controlling the Seagate drive)?
2) Does ERAS now serve as the “control center” for the other server modules and is the scripting capability a part of that?
Thanks for any help.
Thanks for the Analogies
Having just posted my second message below, I wanted to thank you for the analogies you provided in response to my initial post a couple of weeks ago. I have taken a position in the stock and am continuing with DD.
I have wanted to respond directly about analogies concerning Wave's products vs. others, but have not put the post together yet.
Re Utimaco Safeware and HSM
Don’t know if this is useful, but this old January 2005 document from the TCG lists applications by Utimaco Safeware on page 6.
-- This may imply that their HSM is following the TCG standards for TPMs.
-- Seems it would be useful to know what they are doing now.
-- I also wonder why SKS doesn’t mention Utimaco as a competitor and if Wave software works with this HSM. I've only heard him mention Lenovo and Infineon as competitors in the context of saying that Wave software is compatible with their chips.
https://www.trustedcomputinggroup.org/specs/TPM/Whitepaper_TPMs_Strengthen_User_and_Platform_Authenticity_Final_1_0.pdf
Can Anyone Clarify This Comment From Q4 CC
I began my DD a few days ago. Among other things, I’ve listened to the last two conference calls.
For me, the most puzzling statement in the Q4 call was the following quote. It came right after the complaint that potential customers were looking for solutions to specific problems rather than grasping the concept of the TPM as the basis for an overall security solution: “We are competing on the point solutions. But in many cases, some of the point solutions have much greater feature depth than we have in providing the software that we use to leverage the trusted platform module.”
Unless he misspoke or I am misinterpreting this, he said that other vendors (with non-TPM solutions) have better products for solving the individual problems that the enterprise faces such as authentication problems or data protection problems.
Can anyone comment on this?