Quantcast
Subscribe to magazine

Intel Adds Encryption to vPro Microprocessors

Matt Hines, Infoworld

  • 0 Yes
  • 0 No

Complementary to Software

Rather than pitching the Danbury tools as an alternative to commercial encryption applications, the features will serve to augment software products made by companies including Credant, PGP, Pointsec, Safeboot and Utimaco, according to the Intel product engineering leader.

All of those firms have already partnered directly with the CPU manufacturer around the upcoming release to build hooks in the chips to integrate with their own encryption software systems and allow customers to take advantage of the Danbury capabilities, he said.

"By taking certain sensitive operations and putting them directly into the hardware, such as by moving the keys into the chipset, we are making these encryption systems easier and more practical to get up-and-running," Grobman said. "This isn't an effort to compete with encryption software makers but rather to help customers see better implementations of their tools; we believe that these new features should actually have a positive effect on the entire encryption space."

The addition of the Danbury tools represents only the latest in a string of security and management technologies embedded directly into the vPro lineup by Intel, including the company's Active Management Technology (AMT), which is aimed at making it easier for administrators to do remote updates on corporate machines, such as for installing anti-virus (AV) updates or operating system (OS) security patches.

Other Features

Earlier this year, Intel also announced new features that extend malware behavior-detection further onto the CPU level and wall off virtualized software systems from attack, along with new tools meant to help desktops communicate directly with so-called network access control (NAC) systems, which are used for device configuration monitoring and network authentication.

In another nod to extended management capabilities, the Danbury features will also provide IT organizations with the option to gain remote access to encrypted machines to patch them -- without any interaction on the part of end users, Grobman said, and give administrators the ability to set parameters for implementation of encryption applications using Microsoft Active Directory.

Companies that have already installed encryption programs often find it a time-consuming process to help users who forget their computer passwords regain access to their machines, Intel executives claim.

And whereas administrators of encrypted machines are often forced to decrypt entire disk drives to perform tasks including operating system updates today, the new vPro features will eliminate complex software processes that make for such arduous work, they promised.

With a growing number of regulatory mandates requiring companies to encrypt the data stored on their computers, and large numbers of high-profile corporate data breaches splashed across the headlines, many companies have moved to deploy the systems and subsequently found them too unwieldy to employ on a broad basis, said Malcolm Harkins, general manager of Intel's Information Risk and Security Group.

The fact that today's encryption systems don't provide full-time disk protection, as many users think they do, has even led Intel itself to delay broad use of the technology, he said.

"We have not moved to deploy full disk encryption simply because we didn't feel it was worth it to spend millions of dollars to add technologies that wouldn't provide sufficient levels of defense," Harkins said. "I don't think that many companies that have already installed encryption software realize the shortcomings, and that by putting their faith in these tools they may actually be increasing their overall risk."

Harkins pointed out that companies using existing encryption tools may also run afoul of e-discovery regulations if users have data stored on machines that cannot be accessed centrally by administrators, such as in the case of a lost or forgotten password.

"When you start looking at the legal implications with these regulations, you realize that there are also some additional risks that these companies may not be aware of," he said. "People are adopting encryption as a solution to some of these problems, but they may be creating additional problems for themselves in the long-term."

For more IT analysis and commentary on emerging technologies, visit InfoWorld.com. Story copyright © 2007 InfoWorld Media Group. All rights reserved.

  • Recommend this story?
  • 0 Yes
    0 No

"Intel Adds Encryption to vPro Microprocessors" Comments

Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.

Featured APC Accessories For Your System
10% Off Entire Cart at Online Store

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • 2007 Microsoft Office Suites Comparison This paper compares and contrasts four suites of the 2007 Microsoft Office system: Microsoft Office Standard 2007, Microsoft Office Professional Plus 2007, Microsoft Office Enterprise 2007 and Microsoft Office Ultimate 2007. This paper is intended to help organizations understand the applications and capabilities offered, and to identify the suite that best fits their needs.
  • Windows Vista Migration: The Business Proposition It's not so much a matter of "if" but "when" for most organizations regarding migration to Windows Vista. Laying the groundwork now for this migration can yield higher ROI than waiting until later. This Computerworld Technology Briefing explains it all.

PC World's Marketplace