WinMagic ® has launched SecureDoc Version 5.2, the only full-disk encryption (FDE) solution to support Lenovo® Hardware Password Manager (HPM) on ThinkPad laptops and ThinkCentre desktops. Hardware passwords prevent access to hard drives, including self-encrypting drives, to deter theft by making stolen devices worthless.
Lenovo and WinMagic have teamed to integrate HPM with WinMagic’s SecureDoc Enterprise Server (SES) to enable administrators to centrally manage all four standard hardware passwords from the same console that manages enterprise-wide encryption – making it simple to utilize SED (Self-Encrypting Drive) and BIOS credentials, monitor device status and reset BIOS passwords to ensure forgotten passwords do not negatively impact productivity.
SecureDoc v5.2 is also the first FDE solution to incorporate Pre-Boot Networking (PBN) and Advanced Encryption Standard New Instruction (AES-NI) to make FDE easier to manage and faster than ever before – enabling organizations to provide all the security benefits of FDE without any of the management, user or network performance headaches associated with encrypting endpoint devices.
PBN enables SecureDoc v5.2 to authenticate fully-encrypted endpoint devices against Microsoft’s Active Directory (AD) and the SES from the pre-boot environment – before the key to decrypt and load the operating system is available. By eliminating the need for users to authenticate locally in the pre-boot environment to unlock the system and connect to the network, PBN makes it just as easy for users to access the network from an encrypted device as an unencrypted device.
Eliminating the need to preload user keys on an encrypted device also makes it simple to authenticate users with network resources rather than local credentials, which enables administrators to utilize all the same management tools for encrypted networks – including software upgrading and patching, system reboots, adding third-party consultants and instantly removing a user’s logon permissions or resetting their password for immediate pre-boot authentication by simply updating their AD group membership – that were previously only available on unencrypted networks.
SecureDoc v5.2 also significantly improves the speed of full-disk encryption by providing full support for AES-NI – a new set of CPU instructions. By making it easy to configure AES-NI from the SES, SecureDoc v5.2 now makes it simpler than ever before for customers to encrypt drives in Windows. When AES-NI is used to encrypt SSDs (Solid State Drives) users get significantly more performance out of these fast drives than is possible with just straight software encryption.
Additionally, SecureDoc v5.2’s key file credentials can now be synchronized with a user’s Windows ID to provide Single Sign-On (SSO) capability with Windows 7 64 bit. As a result, users can unlock the key file, boot the Windows operating system and log on to Windows 32- and now 64-bit systems by simply entering their pre-boot authentication credentials – eliminating the time required to enter multiple credentials and the need to memorize multiple passwords.
“WinMagic believes it should be just as simple to manage and use encrypted devices as unencrypted devices, and SecureDoc 5.2 does this by incorporating Lenovo HPM, PBN, AES-NI and SSO,” said Thi Nguyen-Huu, CEO of WinMagic Inc. “5.2 not only simplifies daily data protection management to minimize associated costs, but also makes it easy to set security protocols by enabling managers to apply AD policies to encrypted devices to determine who can access which device and when,” Nguyen-Huu continued. “And, as 5.2 makes encryption transparent in terms of device performance and makes it easy for FDE users to simply enter a password to access the network from any encrypted device – which is invaluable for sectors such as government, healthcare and education where users travel around the buildings – we feel it is not unrealistic to say that 5.2 is the simplest, most complete and most cost-effective FDE solution ever.”
SecureDoc v5.2 also now supports sleep mode (s3) for centrally-managed SEDs such as the Seagate® Momentus® FDE and the TCG (Trusted Computing Group) “Opal” specification drives. This provides organizations with the flexibility to centrally deploy any combination of enterprise-class ‘always-on’ hardware/software-based encryption – or transition between the two – with full transparency for users and a consistent management interface for administrators.