Intel Anti-Theft and SecureDoc

We received a “Qual (pre-release) SDP” from Intel last week.   Basically, an SDP (Software Development Platform)  is pre-released hardware intended for ISVs (Independent Software Vendors)  like WinMagic to develop and test software against the latest Intel chip sets,  even before pre-release platforms are available  from the PC OEMs (for example HP, Lenovo, Dell, …).  Our QA department was keen to get its hands on the Qual unit to test SecureDoc’s support for Intel AT 5.0 that comes with these new units.   Our Development team had previously implemented support for Intel Anti-theft (AT) 5.0 on an “alpha” version of an SDP but those are not suitable for QA.

That got me thinking about Intel AT which SecureDoc has supported for several years now starting with Intel AT 2.0.   SecureDoc can leverage Intel AT embedded technology to help administrators protect and reduce the risk of hardware theft and data compromise.  SecureDoc with Intel AT offers customers an additional layer of security and theft deterrence including:

  • Device lock-down after (pre-defined) failed log-in attempts
  • Enable remote poison pill and theft mode
  • Theft mode when a device misses check-ins
  • Resume from standby (S3 Sleep) protection using pre-boot authentication
  • Customizable lost/found message
  • Easy reactivation of recovered devices

Intel AT is not an alternative to full disk encryption.  If your computer is lost or stolen and you have confidential data stored on the device it had better be encrypted.  Intel AT does complement FDE well.  When Intel AT is activated SecureDoc keeps part of the key required to decrypt the drive inside the Intel AT chip.  If a stolen condition is detected then the chip locks up the key and not only is the computer locked (platform disabled) but even the data is no longer accessible (data disabled) to an attacker even if he has the user’s log-in credentials  and moves the drive to another computer.

All that said, I think the main value proposition for Intel AT is spelled out right in the name—“Anti-theft”.   If the thief knows that the machine is protected with Intel AT and SecureDoc, why bother stealing the notebook in the first place?  Not only is the data inaccessible with FDE but even the computer is no use to the would-be thief.   A stolen computer can be a significant expense to the enterprise.  There is the cost of the computer, lost productivity, reporting and investigation costs.  This can add up to $5,000 or more, a lot less than if the computer was not encrypted, which could be millions but is still a cost that could be avoided.   If by deploying computers with Intel AT an enterprise can reduce its rate of loss/theft from say 3% to 2% it is not hard to do the math to show that Intel AT is technology that can save your company money.

Previous Post
Assessing Security & Risk
Next Post
Emergency Services Organization Need Protection Too