Wave Systems Corp. (fka WAVXQ)

[Fullmoon]

Lenovo unveils Hardware Password Manager

http://www.echannelline.com/usa/story.cfm?item=24446

Lenovo unveils Hardware Password Manager

by Mark Cox

Lenovo has announced the Lenovo Hardware Password Manager, a universal tool that allows companies to get full value from hard disk encryption by letting IT administrators remotely manage employee hard drive passwords.
"This is an industry first," said Stacy Cannady, product manager, security, at Lenovo. "No one else is able to centrally manage all available brands of fully encrypted drives."

Cannady said that the full potential of encrypted drives has not been utilized previously because they were such a nuisance to manage, many companies chose not to deploy them. The core of the management technology has existed for years, being developed by IBM in the 1980s. But applying it in such a way that conformed with modern privacy laws, particularly in the EU, where such laws are more stringent was one challenge. And doing it using the PC BIOS, where difficulty in programming there made OEMs understandably reluctant to see changes made to it, was another. Consequently, adapting the IBM technology to this solution required four years of development.

Hardware Password Manager deals with these issues by having two separate passwords, IT administrators create the "real" password within a "vault" in the PC's BIOS. The administrator can then deploy the PC or remotely send the installation package to an employee's PC in the field. When the employee turns the PC on, he or she will choose their own unique user ID and password to access the PC's hard drive. Similarly, when the employee enters his or her user ID and password, it will also unlock the fully encrypted hard drive.

"The result is that the user does not know the 'real' password, and the administrator does not know individual users' passwords." Cannady said. But the administrator will have access to the encrypted drive if the user forgets their own password.

Where companies do not manage employees' hard drive passwords, a drive would have to be sent to a third party for recovery if an employee forgot a password for their PC's hard drive, and if the drive happened to be encrypted, the data would be unrecoverable. For the small number of companies that do manage employees' passwords, password resets would most likely require on-site support, adding time and expense for the organization. A Gartner study found that help-desk related calls, including password resets, can cost companies up to $18 per call, which can add up quickly across a large organization.

Hardware Password Manager is thus particularly attractive to very large firms. But Cannady said that in some industries, particularly those related to defense, regulation and contract requirements mandate certain BIOS configurations, and without central management of the supervisor password, meeting that requirement can be costly and labor intensive. Password management is also attractive to companies which face compliance requirements, and this covers a broad range, from banks, to doctors' officers to certain types of retail organizations.

While VAR opportunities with Hardware Password Manager in very large firms is likely limited, Cannady said that it has real potential for them as a managed services play.

"For VARs, there is a real opportunity here to create a managed services solution for smaller companies, who can see the value in having this provided as a service," he said.

Lenovo Hardware Password Manager will be available worldwide starting in early May.