WinMagic Resource Center & Newsroom

Company news, press coverage, white papers, and brand assets: everything to keep you up to date about our products and company.

WinMagic Blog

Field notes from the WinMagic engineering and security team on authentication, encryption, and the long view of Zero Trust.

Filtered results

Identity for the Agentic Era

In Trustworthy Agents in Practice (April 9, 2026), Anthropic made an observation the rest of the security industry has been reluctant to make plainly: “agents’ behavior depends on all four layers working together. A well-trained model can still be exploited through a poorly configured harness, an overly permissive tool, or an exposed environment.

Why FIPS Matters Differently When the Endpoint Is the Authenticator

What changes when cryptographic validation stops being about data on a disk and starts being about identity in a transaction  WinMagic recently announced FIPS 140-3 validation for SecureDoc and MagicEndpoint (Certificates #5204 and #5214). For anyone familiar with full-disk encryption, the Federal Information Processing Standards (FIPS) 140 certification is expected — proof that cryptographic operations meet a federally.

The Flaw in Modern Passwordless Authentication

The Flaw in Modern Passwordless Authentication

The architectural flaw behind trillions of online transactions every day — and the fix that is already possible today. The passwordless authentication protocols we rely on trillions of times a day have a fundamental flaw.

What Comes Next for Passkeys?

What Comes Next for Passkeys?

Passkeys are rapidly becoming the modern baseline for secure login. They replace passwords with strong public-key cryptography, provide consistent protection across platforms, and help everyday users move away from fragile, error-prone authentication habits.

Did your login pass or fail?

Did your login pass or fail?

Few people realize that, for IT security, an authentication should deliver more than a verdict—pass or fail. The very terms we use—login, sign‑in, authentication, verification—frame the process as a decision that ends in a verdict.

Beyond SSO: Short Sessions & Always-On Security for Service Providers

Beyond SSO: Short Sessions, Always-On Security

How Service Providers Can Leverage MagicEndpoint Today Traditional SSO optimizes for convenience: authenticate once, trust a session for hours or days. That convenience comes with exposure: stolen tokens = borrowed identity until the session expires.

HEADER Open Letter

Open Letter to IT Security Technology Thought Leaders: Embracing New Approaches to Defend Against Cyberattacks, Minimizing User Burden

Key issues: With over 25 years of continuous innovation, WinMagic has consistently raised the bar in endpoint encryption. Leveraging our expertise in applied cryptography and endpoint protection for online access, we believe new ways of thinking can revolutionize cybersecurity to the extent that account hijacking is eliminated, with NO user burden.

Competitive Advantages of PBA

Competitive Advantages of Pre-Boot Authentication in Passwordless Secure Authentication

Competitive Advantages of Pre-Boot Authentication In the ever-evolving landscape of digital threats and cybersecurity challenges, the quest for secure and user-friendly authentication has led to the rise of passwordless solutions. Passwordless authentication — relying on methods such as biometrics and hardware tokens — offers a seamless user experience while eliminating the vulnerabilities associated with traditional.

WinMagic Discovered a Flaw in TLS and FIDO

WinMagic Discovered a Flaw in TLS and FIDO

Introduction In the ever-evolving landscape of cybersecurity, SSL/TLS has emerged as the preeminent security protocol, fortifying trillions of daily interactions through HTTPS across web browsers. The TLS protocol, meticulously developed by some of the brightest minds in the industry, stands as the bedrock of internet security, setting the gold standard for safeguarding data during transmission.

Passwordless for Government: A WinMagic Webinar

“I’m very excited to tell you more about our passwordless authentication, today. I believe it is game-changing and it will change the cyber security market,” said Thi Nguyen-Huu, Founder and CEO at WinMagic, during our “Passwordless for Government” webinar, hosted jointly with Carahsoft Technology Corp.

Avoid Cybersecurity Stress Burnout

8 Ways to Avoid Cybersecurity Stress Burnout

A recent report suggests that a majority of cybersecurity professionals experience extreme stress and burnout with 54% of them wanting to quit their jobs. In 2022, Forbes forecasted that one in 10 of these experts will leave the industry.

Passkey vs. MagicEndpoint

Passkey vs. MagicEndpoint

There are three types of people in the corporate world: Those who think their laptop is just an average computing device Those who use the endpoint for passwordless authentication Those who realize the endpoint can do so much more Now, if passkey were a person, they’d be in the second group: the ones who use.

new passwordless authentication

A more secure “client” for passwordless authentication

In this article, I’ll introduce a new passwordless authentication thought process: an entirely new “entity” that advanced passwordless solutions should use to achieve maximum security for businesses. If you’ve followed my past blogs, you might have noticed that I’ve addressed how using multi-device FIDO key authentication weakens FIDO security.

Leave the Hassle and Expense of the Password Era Behind

Leave the Hassle and Expense of the Password Era Behind Businesses often fall into the costly trap of repeating the same processes year after year, never taking the time to consider whether alternative, and potentially more efficient, approaches have become available. Particular ways of working can get so ingrained into a business’s routine operations that.

Implementation of user authentication strategies

A Revolutionary Innovation in User Authentication

For as long as organizations have used the internet to conduct business, online security threats such as phishing emails, credential theft and malware attacks have been an unfortunate and ever-present shadow over their digital operations. One of the foundational defenses against these threats has been the implementation of user authentication strategies.

How Zero Factor Authentication Is Securing the Future

How Zero Factor Authentication Is Securing the Future

Too often, the weight of ensuring an organization’s digital security falls on the shoulders of the poor end user. Burdened with the responsibilities of remembering multiple passwords, juggling countless devices that receive codes and keys, and trying their best not to lose their laptops, it’s no wonder there are so many security breaches in the.

I like passwords

I LIKE PASSWORDS

Like you, I want freedom, I want control of my life… and I like passwords. They give me the freedom to use what only I know, independent of what I am or what I have.

Why is a PIN better than a Password?

Our position is that, with the right authentication underpinnings – based on cryptography – a PIN is better than a password, and we’ll explain why. Let’s first consider how a PIN can be like a password.

Encryption and Authentication at the endpoint

Encryption and Authentication at the endpoint

Introduction In this blog I explain why it makes sense to use the same endpoint security solution for both encryption for data at rest on the device and authentication to servers and web services such as SaaS. First; what are the core attributes of a good endpoint encryption solution?

Solutions for the SolarWinds Attackers

Proposing Solutions for the SolarWinds Attackers’ MFA Bypass (Part 2)

In our previous article in this series, we highlighted a very serious threat to networks of all kinds: The hackers presumed to be behind the large-scale breach of SolarWinds’ Orion platform have also been linked to an attack that compromised a multi-factor authentication system. By gaining read access to  the MFA server, it’s possible for.

The Right Approach to Data Encryption

Transparent data encryption – when, where and who does data encryption WinMagic integrating existing technologies with new advanced solutions to deliver transparent data encryption, based on our 3WE approach, at the endpoint, ­before data is ever shared – which is the right way to reduce common security challenges, not simply the most convenient. The 3WE.

Data Security and the Distributed Workforce

With many businesses adopting, or at least temporarily accepting a work-from-home model as a response to recent global events, cybersecurity experts around the world are raising the alarm on the increased threat of data breaches.

“Extracting BitLocker keys from a TPM”

(Pre-Boot Authentication: Wisdom in Security – Part 3) In my September 2018 blog “Pre-Boot Authentication. Wisdom in Security Part 2”  I concluded that: “Bottom Line: ‘No PBA’ is not a wise choice for enterprises Microsoft’s reasoning that you don’t need PBA because the known memory attacks are difficult to pull off on most modern hardware.

Five Observations from RSAC 2019

Last week I had the privilege of attending the 2019 RSA Security Conference in San Francisco. As in past years, the keynotes, technical sessions and sidebar conversations were a great opportunity to learn what is top-of-mind in the security industry.

Full Drive Encryption, Key management and MBAM

(Microsoft announces end of mainstream support for MBAM as of July 2019) WinMagic’s CEO, THI NGUYEN-HUU, has blogged in the past about the ideal architecture for Full Drive Encryption, and Key Management (Separating Encryption and Key Management).

Self-encrypting deception: Weaknesses in the encryption of solid state drives (SSDs)

In the past few weeks I have been looking into the fallout from the paper [PDF] by Carlo Meijer and Bernard van Gastel from Radboud University, the Netherlands titled “Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)”. From the paper’s abstract:  “In theory, the security guarantees offered by hardware encryption are similar to or.

Your Feedback Is Important To Us

For me, the title of this blog entry isn’t just a marketing slogan or a catch phrase. It’s something that I take very seriously because, just like the metrics that I keep track of, acting on feedback from customers allows the Technical Support team here at WinMagic to improve to serve you better.

Protecting Cloud Workloads against Undisclosed Access in Microsoft Azure

An international law firm and longtime customer of WinMagic has leveraged our flagship encryption and key management platform – SecureDoc Enterprise Server – to protect thousands of endpoint devices against loss or theft. In this era of digital transformation though, protecting endpoints is only one of many projects within their security and risk management portfolio.

Pre-Boot Authentication: Wisdom in Security – Part 2

In my recent blog “Pre-Boot Authentication. Wisdom in Security”  I wrote in conclusion: Bottom Line: ‘No PBA’ is not a wise choice for enterprises Microsoft’s reasoning that you don’t need PBA because the known memory attacks are difficult to pull off on most modern hardware is simply wrong because the threat is much more than.

ATM and IoT Security – Get Proactive, Be Protected

Takeaways from NCR Innovation Conference 2018 Innovation, Meet Security Digital banking has transformed the way we connect and transact with one another. From mobile banking apps to contactless payments, a focus on consumer experience has driven new technologies like never before seen.

Tech Support With Headset IT

How Can I Help You?

Recently, I was on the phone with a customer who asked me this question: “How can we better help you to help us?

BitLocker Windows 10: Compatibility is Key

Managing BitLocker in Windows 10   So you’ve heard – Windows 10 has hit the PC world by storm, with widespread adoption in the private and public sector catching up to the consumer side. According to Gartner, the adoption of Windows 10 is faster than previous OS and the traditional refresh cycles are shortening.

Yes, I Do Take Support Calls

One of the things that is unusual about me is the fact that I like to take customer support calls. Now you might find that weird as I do run a global support organization, and presumably I have better things to do than to take tech support calls when I have a staff that I.

The Human Factor

Our Product Marketing Manager, Aaron, and I had a watercooler chat the other day about taking a fresh approach to a corporation’s IT Security in the likes and regularity of spring cleaning. An approach like this would be ideal – you would have an up-to-date inventory of your hardware, you would have up-to-date software, and.

The 6 Point Data Security Spring Cleaning Checklist

As an enterprise, you should not need an occasion to ensure that your security practices are up-to-date, fine-tuned and resilient. However, when immersed in the day-to-day it’s easy to overlook or neglect some of the standard best practices to securing your environment.

Flexibility in IT

We often talk about flexibility in IT in instances of user-friendly experiences like knowing your Microsoft Word doc will open in Apple’s Pages, or the ability to accept or decline a meeting request from your iPhone with an Outlook account.  But, what is being developed behind the curtains for IT flexibility is going to change.

SC eConference Data Security

WinMagic will be exhibiting at the SC World Congress (SCWC) eConference on Data Security on Tuesday, September 24, 2013! SCWC hosts virtual conferences each month focusing on challenges that IT security professionals encounter frequently in their roles.

Keeping the random in RNG

Earlier this week my colleague Garry talked about his experiences attending the TCG conference recently and the ‘hallway talk’ about the NSA. It raised some good observations and had me thinking about a recent blog from the NY Times about the NSA and their relationship with the National Institute of Standards and Technology (NIST).

Protecting the US Cloud Industry and their Customers

You are probably, at least to some extent, aware of the controversy surrounding the now infamous online surveillance program run by a number of government agencies in the US and abroad. Almost on a weekly basis more information and details about the program are being leaked to the media.

UEFI Summerfest 2013

A colleague and I attended the UEFI Summerfest on the Microsoft Campus, in Redmond last month. It was very well run and Microsoft was a great host.

Is that laptop worth $7 million?

One of the key examples I use when talking about the importance of data encryption is the value of the data that could potentially be exposed. Is a $900 laptop worth the $1 million or more of liability potential if it’s unencrypted and lost or stolen?

Travelling is always a Security education

I’ve been doing a lot of travelling lately and talking to lots of folks about data encryption and SecureDoc specifically. It’s always interesting to get a sense of people’s perceptions around the topic and key areas of interest like Self Encrypting Drives (SEDs).

Hidden Benefits of Encryption for Legal Services

Lately we have noticed a growing interest for encryption and data security in the legal services industry. Legal services face a similar challenge as other verticals with the need to protect corporate assets being shared through multiple devices and portals.

Securing the Cloud

Recently it was revealed that Oregon Health & Science University (OSHU) staff were storing patient data in a cloud storage solution – namely, Google Drive. What’s the big deal?

What’s the right choice?

We’re a huge proponent that Full Disk Encryption (FDE) is the cornerstone of any data security solution and should be the foundation for which all solutions should be built on.

The End of Trust

Data Security and Compliance in the Healthcare Industry

As discussed in a previous post, data breaches continue to be a growing concern for organizations in the healthcare industry. Health organizations are looking for a cost effective and reliable data security solution that can protect their data, ensure compliance, mitigate business risks and decrease IT administration costs.

Building Support

We’ve teased about the SecureDoc updates coming next week, but it’s going to be more than just about updates to our software.

Continuous Improvement

This week we’ll be using a lot of our social media channels to tease the upcoming release of the latest updates to SecureDoc and this blog is no exception.

The 5 Pillars of Transparent Data Security | Secure Speak

Over the years, we have grown to be recognized as one of the leaders in the data encryption and security industry. With a transparent approach to encryption, our security tools work seamlessly in the background providing a non-disruptive workflow for the user while protecting corporate assets.

All for One

As a specialized software company that focuses on data encryption and security with strengths in key management and overall encryption management, it’s extremely important to maintain strong relationships with OEMs.

Risk Mitigation

When I attended the Gartner Security & Risk Management summit a couple of weeks ago, I attended a session about Encryption Planning Made Simple. It was a good look at some of the issues facing organizations today and the barriers to the adoption of data encryption solutions.

Emergency Services Organization Need Protection Too

When we look at the number of clients we work with on a daily basis and the magnitude of industries they represent, it’s pretty easy for us recognize that companies in all verticals are now beginning to understand the importance of securing their data.

Assessing Security & Risk

This week I’ve been in National Harbor, MD attending the Gartner Security & Risk Management Summit. As a newcomer to this event, it’s been a whirlwind few days delivering excellent content and insights into key market trends and customer needs.

Continuing the Innovation Conversation

A few months back we attended an Innovations Showcase event in Seattle where we met with prospective customers and talked about trends in data security. We were at it again yesterday in Detroit and once again, engaged in good dialogue with organizations seeking to strengthen their data security solutions.

WinMagic’s SecureDoc Powers HP Drive Encryption

We said we’d have some pretty big and exciting news a little while ago and today’s the day we deliver. We’re extremely proud to announce that WinMagic has been selected to be the exclusive provider of full volume encryption technologies for Hewlett-Packard’s Client Security solution.

Wrapping up FOSE

As you saw last week, we were pretty busy at FOSE meeting people, shaking hands and talking about data-at-rest security. It was an interesting show to say the least.

Talkin’ to Government

Today marks our first day at FOSE – the annual conference for government technology professionals. In today’s increasingly security-sensitive environment, this conference should provide some good insights as to what’s on the mind of folks working in government and how to best work with them.

Conversation Starters

Through the years I’ve come across partnerships that fail to have the right sales enablement tools in place. It’s common.

Strength in Sharing at the FS-ISAC Summit

WinMagic was a sponsor at the annual Financial Services Information Sharing and Analysis Center Summit at the Marriott Sawgrass in Ponte Vedra, Florida last week. This popular three day event introduced engaging, thought-leadership presentations and networking opportunities with representatives from the Top 100 Financial Institutions within North America.

So much to do so little time

It’s been a busy couple of weeks here at WinMagic. We announced the availability of our latest study from Ponemon and earlier this week we held a Webinar walking through the results of that study with all the key partners in the initiative.

Sharing is Caring!

We’d like to believe part of the reason WinMagic is successful comes from listening and focusing on our customers.

An innovative approach – CIOSynergy

Last week I had the opportunity to attend the CIOSynergy event in Toronto at the Trump Hotel & Tower. It was an interesting day of interacting with key IT decision makers within various organizations and learning about some of the trials and tribulations they face day-to-day.

Nothing a patch can’t fix

Historically, when we’ve had to make updates to SecureDoc we’ve issued Service Releases (SRs) to address minor bug fixes, software update and feature additions. SRs enabled us to ensure continued compatibility with things such as Mac OS X updates.

Hot Topics from the RSA 2013 Security Conference

My colleagues and I attended the 2013 RSA Security Conference last week in San Francisco, and with well over 20,000 attendees, RSA was very busy and better attended than in recent years. After the conference I polled my colleagues for their “take” on the event.

7 Myths of Encryption

We get a lot of questions and concerns around encryption and how the implementation will affect the organization. Although people recognize the benefits of encryption, there are a lot of misconceptions around the notion of encryption and its impact within an organization.

Waging the War on Passwords

We have seen large password hacks recently including: LinkedIn, eHarmony, and Yahoo. Hacks so large some in the industry call this the Password Wars.

Enlightening Conversations

Last week I attended an event in Seattle; it was a small, intimate group setting where a number of vendors talked about IT security with key business leaders. It was an interesting day full of discussion around how to secure the enterprise ranging from the cloud to end point devices.

FDE and Windows 8 – Showing off at RSA

The TCG is hosting its annual security workshop at the RSA Security Conference on Mon Feb 25th in San Francisco. I have attended for the last 5 years and always found the panels and speakers well worth the time invested to attend.

Happy Valentine’s Day! Why Marketers Love Data Encryption!

As Data breaches become more and more prevalent in today’s world it is worthwhile for Marketing and IT departments to band together to make a case for the implementation of full disk encryption in an effort to protect both privacy issues as well as brand equity. In my experience, most stakeholders understand data breaches can.

AES-NI Validation

WinMagic has a long and successful history of data encryption – pretty sure I’ve said this before. One of the key things we work to ensure is compliance and certification with things such as the Cryptographic Module Validation Program (CMVP) which is managed by the National Institute of Standards and Technology (NIST).

The CES of Security Events

Much like January marks the annual tradition of consumer electronics companies embarking on a trip to Las Vegas for the mother of all technology tradeshows, February is the time of year all security companies gather together in San Francisco for the RSA Conference.

Encryption Alphabet Soup

Learning a multiplicity of acronyms is pretty much a requirement for navigating any discipline. Every field has its own set of acronyms and the sequence of 3 or 4 letters that usually make up the acronym most likely has a completely different meaning from discipline to discipline.

Encryption solutions & Pre-Boot Network-based Authentication

If you have been reading the various blog posts we’ve published over that past few months you’ve seen us talk about: smart cards, cloud computing security, BYOD, MDM, FDE, FEE and more. What we really haven’t delved into is one of the main differentiators we offer in the market and the fact no one has.

What’s your P@ssw0rd?

I know I’m a little late to the party, but recently I’ve been giving more and more thought to the passwords I use to access the various sites and tools I use on a day to day basis. The main reason I started thinking about this is because of Google’s introduction of the 2-step verification.

What kind of encryption is best for you?

There are plenty of ways to secure data and all have pretty acronyms: Full Disk Encryption (FDE), File and Folder Encryption (FFE), Removable Media Encryption (RME) and so on. These three are the ‘meat’ of any good encryption solution.

A new year, same mistakes

It’s 2013 and everything old is new again. It’s 10 days into the year and so far we’ve heard about at least two key data thefts and a summary penalty for exposing personal health info in the U.

How SEDs Really Work

I have been working with hardware and software encryption for well over a decade now and I have seen countless power point presentations on the advantages of hardware encryption over software encryption.

It Really Can Be That Easy – Single Pane of Glass

As I mentioned in my previous blog post, I used to run a small encryption team at a large organization before I came to work for WinMagic. One of the key responsibilities we had was to generate FISMA (Federal Information Security Management Act) compliance reports for NIST SP 800-53, AC-3 and SC-13 controls.

Plotting world domination

Last week was a busy week for us WinMagic folks. As we’ve entered the new fiscal year for the company, so began our annual Sales & Marketing Kick-off event for our FY’13.

The Need for Speed

Is software encryption on a notebook with a Solid State Drive (SSD) a non-starter due to performance concerns? This is a good question and I have heard it asked by some pretty smart people recently.

An offer you can’t refuse

This post is going to be a lot of shameless self-promotion for WinMagic but it’s something we think is important as it’s tied directly to the recent launch of SecureDoc 6.

It’s a BYOD World Embrace It or Expire.

There is a great debate raging in the security industry today on how to best provide secure corporate data in a BYOD world. The consumerization of IT and bring-your-own-device (BYOD) are becoming prevalent in organizations at lightning speed, both with and without the knowledge of corporate IT departments.

When virtual environments get too heavy

When Virtual Environments Get Too Heavy

As an encryption security vendor that is working its way into Mobile Device Management (MDM), I’m fascinated and constantly looking at new ways to secure mobile devices and company information. As someone with a background in virtualized environments, I’m even more intrigued when companies like VMWare introduce solutions.

The importance of partners

Go to market strategies for vendors varies in approach whether it’s entirely direct, indirect or an amalgamation of both. WinMagic adheres to a hybrid approach that best matching the requirements of the customer or business practices within a given region.

It’s not as hard as you might think

I was reading an article from ITWorld this week that touched on the recent data breach at the South Carolina Department of Revenue. While I find this type of thing fascinating, I also find it scary when someone says something like this: “The industry standard is that most SSNs are not encrypted… A lot of.

Windows 8 is here! Now what?

As someone that’s worked in IT for the better part of 14 years, I’ve seen my fair share of product launches. When it comes to operating systems, it’s always a cyclical engine; big flurry of attention at launch followed by mixed reaction to the product.

Smart Cards, 10 Years Later – Part 2

In my last blog, I left off talking about the different forms of authentication and the abundance of solutions available to enable multi-factor authentication (based on the directive to increase security for user authentication into laptops).

Annual TCG Members Meeting: The Slow March of Progress

I attended the TCG (Trusted Computing Group) annual members meeting last week in beautiful Vancouver and thought I would share a couple of observations. First of all, a little background – The TCG is an organization whose mandate is to set security standards for commercial use.

Nothing is ever ‘free’

Last week I attended SC Congress in New York and did a presentation talking about the results of our study with the Ponemon Institute and the cost of data encryption solutions. It was a good event, well attended and there was great turnout at the session I presented at.

Rethinking Data Security for the Public Cloud

For many, Cloud is a buzzword floating through cyber space. It is all too common to hear stories of data being compromised due to insecure Cloud hosting, spawning critical audit sweeps and apologetic corporations responding to upset customers—Yikes!

Keeping up with the Jones’

The evolution of technology goes at a breakneck pace. Whether it’s new products coming to market or updates to existing products – it’s a never-ending cycle.

Oh, so you stop hackers and stuff?

What I’d like touch on today with this post is a common misconception about data encryption and security. When I tell people who I work for and what we do, many people assume what we do is protect people from hackers.

Making the Case for Data Encryption

In August, we released the results of a survey we did with the Ponemon Institute where we examined the Total Cost of Ownership (TCO) for data encryption. To make this information even clearer, we’ve now created a handy, easy to reference infographic!

All Blogposts

View all posts

After the Login: Our CEO on What Should Protect Every Transaction You Make Next

Every World Password Day, the conversation lands in the same place. Stronger passwords. More MFA. Passkeys. All of it is good progress, and all of it is about the login.  Our founder and CEO, Thi Nguyen-Huu, wanted to ask a different question. Once you have logged in, what protects everything you do after that? His new article in the June 2026 edition of Cyber Defense Magazine, “After the Login: What Continuous, Endpoint-Bound Identity Actually Requires,” works through the answer.  Here is the short version of what he covers. The real gap is after login, not at it Identity-based intrusions make up most security incidents today. The reason is not that login is weak. It is that authentication stops once login…

Identity for the Agentic Era

In Trustworthy Agents in Practice (April 9, 2026), Anthropic made an observation the rest of the security industry has been reluctant to make plainly: “agents’ behavior depends on all four layers working together. A well-trained model can still be exploited through a poorly configured harness, an overly permissive tool, or an exposed environment.” The paper closes with a call for “infrastructure that no single company can build alone” — open protocols designed so that security properties are built into the infrastructure once, rather than patched together one deployment at a time. This paper is a response to that call. It is not a product pitch. It is an architectural argument from a company that has spent twenty-eight years building the…

Beyond Passkeys: Why Identity Needs to Live in the Present Tense

The cybersecurity industry has spent twenty years sharpening one moment: login. Passwords gave way to MFA. MFA gave way to passkeys. Each step was real progress. None of them changed the underlying architecture. That architecture treats authentication as a moment. A user proves who they are at the door. The system trusts them for hours afterward. Attackers learned that pattern a long time ago, and they no longer waste effort trying to defeat the gate. They wait for the gate to open. The session is where the breach lives now Adversary-in-the-middle (AiTM) attacks let an attacker stand between the user and the service, capturing the session cookie the moment MFA succeeds. The destination service cannot cryptographically tell the difference between…

YellowKey: A New BitLocker Attack That Shouldn’t Surprise Anyone

A researcher operating as Chaotic Eclipse (Nightmare-Eclipse on GitHub) published a zero-day exploit this week called YellowKey. It bypasses TPM-only BitLocker. All that’s needed is a USB stick and a few files. With this, the attacker can reboot into the Windows Recovery Environment which will open an elevated command prompt with the encrypted drive unlocked. WinMagic has validated that this works as described. Researchers also claim a variant that defeats TPM+PIN exists, though no proof-of-concept has been published for that one yet.  This is getting attention. It deserves some. But not the shock it’s receiving.   One more method on a long list  YellowKey is a new technique, not a new category of problem. BitLocker without pre-boot authentication has been attacked before, many times, through many doors. TPM bus sniffing on the LPC and SPI interfaces. Cold boot against DRAM remanence.…

A note on World Passkey Day

Today the FIDO Alliance has earned its applause. Over a decade of effort, and the world is finally taking the death of the password seriously. That is not a small thing, and I do not want to start by being grudging about it. Passwords were never the right primitive for the online world, and the people who built the passkey did real work to replace them. I want to use the rest of this note to say something the celebration is not yet making room for: the passkey is a waypoint, not a destination. There are three reasons, and they connect to an argument I have been making in print for some time. The first reason is cryptographic. A passkey…

Zero Trust operational technology

Zero Trust for Operational Technology: Identity Must Live in the Transaction

CISA is right that Zero Trust must extend to operational technology. The harder question — the one the guidance does not yet answer — is what identity should look like in environments where networks are intermittent, latency is unacceptable, and credentials cannot be replayed. Our position is that identity must live in the transaction itself. What CISA's OT Guidance Gets Right On April 29, 2026, CISA — together with the Department of War and the Department of Energy, the FBI, and the Department of State — released formal guidance on adapting Zero Trust principles to operational technology. The guidance correctly identifies that the IT-centric Zero Trust playbook does not transfer cleanly to OT environments. Safety, availability, and the long lifespan…

Why FIPS Matters Differently When the Endpoint Is the Authenticator

What changes when cryptographic validation stops being about data on a disk and starts being about identity in a transaction  WinMagic recently announced FIPS 140-3 validation for SecureDoc and MagicEndpoint (Certificates #5204 and #5214). For anyone familiar with full-disk encryption, the Federal Information Processing Standards (FIPS) 140 certification is expected — proof that cryptographic operations meet a federally recognized standard. The expected reading is that we've cleared the next compliance bar. The more interesting reading is that the bar has changed shape.  What FIPS Validation Used to Be For  For most of the FIPS 140 standard's history, the question it answered in the endpoint security market was narrow and specific: is the cryptography that protects data at rest mathematically sound and correctly implemented?…

WinMagic CEO Thi Nguyen-Huu featured in The Fast Mode on endpoint encryption as the missing foundation of zero trust

Why Endpoint Encryption Is the Missing Foundation of Zero Trust

Your endpoints already have the hardware to verify and prove device and user integrity continuously. The industry just has not been using them correctly. The cybersecurity industry has been looking at the endpoint backwards. The prevailing view treats endpoints as vulnerabilities to be locked down. In his interview to the Fast Mode, our Founder and CEO, Thi Nguyen-Huu argues that the endpoint is the one asset positioned to solve the identity crisis that current security architectures cannot. What Is Wrong With Today’s Approach to Identity Verification? The industry built identity verification at the destination: the cloud application, the database, the service portal. Users prove who they are over and over, dozens of times a day, through passwords, CAPTCHA challenges, and…

The Flaw in Modern Passwordless Authentication

The Flaw in Modern Passwordless Authentication

The architectural flaw behind trillions of online transactions every day — and the fix that is already possible today. The passwordless authentication protocols we rely on trillions of times a day have a fundamental flaw. Correcting it eliminates phishing, session hijacking, and AI-driven attacks — with no user action at all. This is the argument WinMagic founder and CEO Thi Nguyen-Huu has been making for years, and it is at the heart of a new in-depth feature published in the Authority Magazine recently. What Is the Fundamental Flaw in Today's Passwordless Authentication? Most organizations respond to rising threats by stacking more tools on top of what they already have: more multi-factor authentication (MFA) prompts, more procedures, more friction for the…

Electronic Signatures vs. Digital Signatures: What Most Businesses Get Wrong

Not all electronic signatures are created equal. As WinMagic CEO Thi Nguyen-Huu puts it during his interview with Forbes: “A simple electronic signature is just an image of ink on a screen. A true digital signature is pure math, legally and cryptographically binding an identity to a file.” The efficiency benefits of e-signatures are well known. Documents can be signed remotely, turnaround times drop from days to minutes, and costs tied to paper and couriers disappear. But the interview raised a more important point. Most businesses do not understand the difference between an electronic signature and a digital signature. That distinction matters. A simple electronic signature is an image of ink on a screen. It can take many forms: typing…

How Should Businesses Disable SSO for Security

How Should Businesses “Disable SSO” Without Destroying Productivity?

The era of the long-lived session is over. The most damaging cyberattacks of recent years have proven that session hijacking is the path of least resistance for modern threat actors. Attackers no longer need to steal your password. They steal your session, and they become you. In response, enterprises are increasingly attempting to "disable SSO" or more precisely, to slash the lifespan of active sessions so there is less time for a stolen token to be exploited. But here they hit a wall. The Impossible Tradeoff No enterprise can realistically drop a session to five minutes without devastating user productivity. So they compromise. They settle for sessions of a few hours, often four to eight hours. This is the worst…

60% of Cyberattacks Break Identity — Is Identity First a Bad Idea?

WinMagic CEO Thi Nguyen-Huu was recently featured in the March 2026 edition of Cyber Defense Magazine, challenging a foundational assumption in modern cybersecurity.   For years, the industry has moved away from network perimeters toward identity-based security. Zero Trust architectures reinforce this shift by requiring identity verification before granting access. At the same time, identity attacks have become the dominant threat. Today, 60% of cyberattacks succeed by breaking identity.  This reality raises an important question: Is Identity First a bad idea? The answer is no. Identity First remains the right direction. But the industry may have overlooked a more basic issue: Which identity? Identity itself was never clearly defined. Most security systems verify the user, yet grant access to the device…

What Comes Next for Passkeys?

What Comes Next for Passkeys?

Passkeys are rapidly becoming the modern baseline for secure login. They replace passwords with strong public-key cryptography, provide consistent protection across platforms, and help everyday users move away from fragile, error-prone authentication habits. The industry’s broad embrace of Passkeys is a meaningful step forward. But as WinMagic has been doing for almost three decades, we continue to challenge long-standing assumptions. One of the most foundational is the belief that verifying the user requires the user to perform an action. A fingerprint, a face scan, a PIN, a device unlock these gestures have always been treated as the necessary proof of human presence, Passkeys included. This assumption feels natural because that’s how authentication has always been done. But technology has changed,…

Why Online Access Doesn’t Need Authentication: Lessons from Spycraft

In cybersecurity, we often treat authentication as sacred. Passwords, tokens, biometrics, MFA—these rituals dominate our mental model of what it means to be secure online. But what if we’ve been asking the wrong question? What if the real goal of online access—especially in its most common form—is confidentiality, not identity? And what if authentication isn’t actually necessary to achieve that? Let’s take a step back and look at a world where confidentiality reigns supreme: spy communication. The Spy Model: Encryption Without Authentication Imagine a spy sending a message to headquarters. The message is encrypted—strongly. The recipient decrypts it using a shared key or public key. No login. No identity check. No authentication ceremony. And yet, the mission succeeds. The message…

Cybersecurity: The Puzzle We Can Solve with Common Sense!

For decades, cybersecurity has been treated as an unsolvable puzzle—too complex, too layered, too dependent on human behavior. The industry responded with more layers, more products, more frameworks—each trying to patch the last gap. But what if the answer was hiding in plain sight? What if common sense—the same logic we’ve trusted for thousands of years—could solve this puzzle beautifully? That’s what MagicEndpoint does. And here’s how. Principle 1: Accuracy Starts with What You Can Verify Best In real life, we verify what’s easiest and most reliable: Traffic systems check cars—with license plates—not drivers. Athletes wear numbers so referees can identify them accurately on the field. Applying to cybersecurity: Instead of verifying “just the user,” we verify user on device. Why?…

The Forgotten Factor in the Authentication Hall of Fame

For decades, authentication has been built on three pillars: What you know (passwords, PINs) What you have (tokens, phones) What you are (biometrics) These factors have served us well. They’ve become the Hall of Fame of authentication. But what if there’s another factor—one that makes authentication harder for attackers to fake and easier for users to experience? In fact, unlike the existing three, this factor doesn’t require the user to do anything extra at all. No extra steps. No friction. Just stronger security, built from what users already do naturally. At WinMagic, we’ve spent years asking a simple question: How do we make authentication stronger without making life harder for users? That search led us to a breakthrough: the missing factor isn’t another credential…

Why IAM Keeps Searching Under the Streetlight

(And How We Can Finally Look Where the Key Was Lost) There’s an old joke that goes like this: A man is searching for something under a streetlight. Someone asks, “What are you looking for?” He replies, “A key.” “Where did you lose it?” “Over there.” “Then why don’t you search over there?” “Because here is the light—I can see better.” Funny? Yes. But it’s also a perfect metaphor for how the Identity and Access Management (IAM) industry approaches security. The Streetlight Effect in IAM When it comes to authentication, most vendors focus on what’s easy and visible—using the phone as an out-of-band (OOB) authenticator. Why? Because building an app and pushing notifications is simple. The phone is “under the…

Zero Trust Mandates Next-Gen IAM. Here is Why!

Zero Trust Mandates Next-Gen IAM. Here is Why

We all agree on the goal: verify continuously—the user, the device, and the situation—throughout access. That’s the direction Zero Trust points us toward. But most IAM tools still check once and then trust for hours. That leaves a long window where things can change—and attackers take advantage of it. They don’t always break the login. They reuse the session that comes after. Tokens and cookies are easy to carry and hard to control. So organizations respond by turning off SSO for sensitive apps and adding more MFA prompts. People get slower and more frustrated, and breaches keep happening. If Zero Trust and real security matter, IAM has to change. A next generation model is needed. Let’s Clarify the Obvious –…

Did your login pass or fail?

Did your login pass or fail?

Few people realize that, for IT security, an authentication should deliver more than a verdict—pass or fail. The very terms we use—login, sign‑in, authentication, verification—frame the process as a decision that ends in a verdict. But a verdict alone doesn’t secure anything. Endpoint reality: authentication must unlock Consider your endpoint—the device (PC or phone) you use to work and access the internet and network resources. A secure design must address a few essentials: The device’s data must be protected (securely encrypted). An attacker can have the endpoint in their possession and try to read raw data on disk—or even in memory if the device is powered on. The encryption key must not be available before user login. Hiding the key “somewhere only R&D knows”…

Why “No User Action” Feels Impossible—And Why It’s the Future of Security

The Myth We’ve All Believed: Friction = Security For decades, security has been synonymous with effort. Passwords, MFA prompts, push approvals—these rituals feel like proof that something secure is happening. The heavier the friction, the safer we think we are. But here’s the uncomfortable – or possibly very comfortable – truth: Friction doesn’t equal security. It equals risk. Every prompt is an opportunity for phishing, fatigue, or AI-driven social engineering. Attackers don’t break cryptography—they exploit human behavior. Why “No User Action” Sounds Unreal When we say “No User Action” (NUA), most people can’t fathom it. Why? Because common wisdom says: “If I don’t do something, how can it be secure?” This mindset is so ingrained that even security professionals hesitate. They assume…

The Hidden Cost of SSO: Why the “SSO Tax” Is Draining Your Budget—and How MagicEndpoint Stops It

Single Sign-On (SSO) is marketed as a security and productivity booster. But for many businesses, it comes with a hidden price tag: the SSO tax—a cost multiplier that vendors use to upsell you into expensive enterprise tiers. What Is the SSO Tax? The SSO tax is the extra cost vendors charge to enable SSO features like SAML or OpenID Connect (OIDC). Instead of being a standard security feature, SSO is often locked behind premium plans or add-ons. GitHub: Upgrade from $4/user to $21/user for SSO—a 525% increase. HubSpot: Extra $2,800/month just to enable SSO. Figma, Asana, Calendly: Similar patterns—SSO is treated as a luxury, not a necessity. For large organizations, this can mean hundreds of thousands in extra costs every year—just to avoid password chaos. More information on how…

Beyond SSO: Short Sessions & Always-On Security for Service Providers

Beyond SSO: Short Sessions, Always-On Security

How Service Providers Can Leverage MagicEndpoint Today Traditional SSO optimizes for convenience: authenticate once, trust a session for hours or days. That convenience comes with exposure: stolen tokens = borrowed identity until the session expires. MagicEndpoint (ME) flips the equation. By making re-authentication frictionless and continuous, Service Providers (SPs) can shrink token lifetimes to minutes and re-verify frequently—without prompting users. This single change slashes the attacker’s window while preserving a seamless experience. It’s the most impactful step you can take right now—and it sets the stage for The Secure Internet (SI), where transport-layer trust closes the loop. 1. The Problem with Long-Lived Sessions SSO operates at two levels: - IdP-Level SSO: The Identity Provider authenticates the user once and creates…

MagicEndpoint passwordless SSH authentication with FIDO2 and TPM for enterprise security

Introducing MagicEndpoint – SSH key management for Authentication for the Enterprise

With the introduction of MagicEndpoint enterprise support for SSH, enterprise users now get seamless “no user action” access to SSH servers. Instead of password our solution uses SSH with keys whereby the private key is hardware protected and is never shared. This is extremely secure; much more secure than most other key-based SSH solutions where the keys are protected with just software. Previously I wrote about our free standalone version of SSH key manager for Windows client machines that leverages FIDO SSH keys:  https://winmagic.com/en/freeware-released-securing-ssh-access-with-magicendpoints-fido-tpm-innovation/ To recap, once the user authenticates locally on the Windows device the SSH FIDO keys become “accessible”, and the user seamlessly logs into their SSH server. WinMagic’s MagicEndpoint standalone client offers an intuitive and user-friendly way…

MagicEndpoint secure authentication using mobile GPS, Bluetooth, and geofencing

Enhancing Authentication Security with Geolocation and MagicEndpoint

In today's digital landscape, ensuring the security of user authentications is paramount. One innovative approach to bolster security is through the use of geolocation. By integrating geolocation data into authentication processes, services like MagicEndpoint can significantly enhance security measures. This blog will explore the various methods of geolocation, including IP and GPS, and highlight why mobile phone GPS with a Bluetooth link to a computer is a superior approach. Understanding Geolocation Methods Geolocation refers to the process of determining the physical location of a device. There are several methods to achieve this, with IP geolocation and GPS being the most common. IP Geolocation: This method involves mapping an IP address to a physical location. IP geolocation services use databases and…

Secureing SSH Access

Freeware Released: Securing SSH Access with MagicEndpoint’s FIDO-TPM Innovation

SSH (Secure Shell) is a cryptographic network protocol in use since 1995. It was created by Finnish computer scientist Tatu Ylönen in response to a password-sniffing attack at his university. Since then, SSH has become a fundamental tool for secure communication over unsecured networks, widely used for remote server management, secure file transfers, and more.   Servers, both Linux and Windows, support the host side of the SSH protocol and there are client-side implementations for both Linux and Windows too. Tatu’s network encryption addressed the password-sniffing attack but as you know that is not the only problem with passwords.   Passwords are often shared for server access leading to a lack of “accountability”.  Other problems with passwords include being guessable, reuse, phishing,…

The Correct Identity — in order to implement Executive Order 14144 January 16, 2025 with No User Action

The Correct Identity — Implementing Executive Order 14144 (January 16, 2025) with No User Action

On January 16, 2025, President Joe Biden issued an Executive Order (EO) calling for the Federal Government to adopt proven security practices to enhance identity and access management (IAM), improve visibility into security threats, and strengthen cloud security.  While the Executive Order sets forth a commendable vision, we believe the call to adopt proven, existing industry practices is unusable and impractical, as no such proven practices currently exist. The industry has not succeeded in effectively guarding against cyber threats. Instead, consider leveraging WinMagic’s approach—perhaps unfamiliar to you and therefore deemed unproven, yet built on the right foundation with the right thinking: a revolutionary, all-important identity-centric concept. This practice offers a level of security superior to any method currently known, with…

HEADER Open Letter

Open Letter to IT Security Technology Thought Leaders: Embracing New Approaches to Defend Against Cyberattacks, Minimizing User Burden

Key issues: With over 25 years of continuous innovation, WinMagic has consistently raised the bar in endpoint encryption. Leveraging our expertise in applied cryptography and endpoint protection for online access, we believe new ways of thinking can revolutionize cybersecurity to the extent that account hijacking is eliminated, with NO user burden. We will highlight current challenges and present potential solutions or ideas unseen elsewhere. While we understand industry skepticism, we're optimistic that these novel approaches will garner support and that the industry will refine and expand upon them. Our commitment lies in continuously improving these solutions and integrating them into industry standards and platforms for wider adoption. This letter primarily addresses businesses with the majority of our strategies equally relevant…

What’s wrong with verifying users when they try to access online accounts?

The industry's longstanding approach to user verification for online accounts might seem foolproof given its widespread adoption. After all, if everyone's doing it, it must be effective, right? The Challenge with Traditional Verification Current solutions typically verify both the user and, following the Zero Trust principle, possibly the endpoint when a user logs into an online account. While passwords, multi-factor authentication (MFA), and public key-based methods like FIDO and PKI have become the norm, are they truly effective against today's advanced threats? Notable breaches at major corporations such as MGM Resorts and Caesars suggest otherwise. For years, WinMagic has advocated that public key-based authentication — specifically between the endpoint or its peripheral without relying on an out-of-band phone — is…

Competitive Advantages of PBA

Competitive Advantages of Pre-Boot Authentication in Passwordless Secure Authentication

Competitive Advantages of Pre-Boot Authentication In the ever-evolving landscape of digital threats and cybersecurity challenges, the quest for secure and user-friendly authentication has led to the rise of passwordless solutions. Passwordless authentication — relying on methods such as biometrics and hardware tokens — offers a seamless user experience while eliminating the vulnerabilities associated with traditional passwords. However, to fortify these advancements, one formidable weapon in the arsenal of cybersecurity is pre-boot authentication (PBA). PBA refers to the process of authenticating a user or verifying the integrity of a system before the operating system (OS) loads. This security measure provides several competitive advantages, particularly in the realm of computer and data security, and is an often-overlooked hero in cybersecurity prevention. This…

WinMagic Discovered a Flaw in TLS and FIDO

WinMagic Discovered a Flaw in TLS and FIDO

Introduction In the ever-evolving landscape of cybersecurity, SSL/TLS has emerged as the preeminent security protocol, fortifying trillions of daily interactions through HTTPS across web browsers. The TLS protocol, meticulously developed by some of the brightest minds in the industry, stands as the bedrock of internet security, setting the gold standard for safeguarding data during transmission. Indeed, TLS has become synonymous with resilience and adaptability. However, WinMagic has made some recent discoveries that we believe will change the cybersecurity space and one of them sheds light on a fundamental flaw that affects TLS and various solutions — in the core design — which use encryption or authentication like FIDO. FIDO and TLS: A Symbiotic Relationship? FIDO and TLS have traditionally served…

Open Letter Addressing NSA and CISA New IAM Guidance Document

WinMagic applauds the joint NSA and CISA effort in creating the document “Developer and Vendor Challenges: Identity and Access Management.” The file provides pragmatic help to the community of vendors and developers and will benefit them greatly. For our part, we’d like to offer the below suggestions. We’ve categorized our suggestions into two sections — “MFA Definitions and Policy Changes” and “Standards Improvement Opportunities” — but the suggestions apply to many sections of the “Developer and Vendor Challenges” document. WinMagic understands that some of our comments and proposals below are different and unconventional. We strongly believe that our innovative ways of thinking are most applicable to current state-of-the-art technologies and the industry’s zero-trust principles. Regarding the “Developer and Vendor Challenges”…

Tackling the Caesars and MGM Hacks with Secure Authentication Fallback

Early September 2023, two of the world’s largest casino hotel companies — MGM Resorts and Caesars — were struck by ransomware attacks. In the week after, Caesars stated that the company had been a victim of “a social engineering attack on an outsourced IT support vendor used by the Company.” The hackers exploited a weak point in these companies’ security, underscoring the urgency of readdressing and improving our approach to online security. Fallback Vulnerabilities To gain access to sensitive data, hackers exploited these Okta users’ fallback method: the account reset or recovery process for when a user forgets their password or can’t log in with their usual multi-factor authentication (MFA). Following these attacks, Okta warned its customers against a new…

Why Relying on Phones for Online Authentication Is a Bad Idea

In 2022, the US Government released memorandum M-22-09 addressing the requirements for achieving zero-trust security. This introduction has sparked a new standard of cybersecurity for organizations that are looking to stay a few steps ahead of cybercriminals. Zero-trust security requires an on-guard approach where “no actor, system, network, or service operating outside or within the security perimeter is trusted” (M-22-09). Regarding authentication, zero-trust security requires the “continual verification of each user, device, application, and transaction.” So, let’s have a look at passwordless authentication solutions today. Why do they rely on the phone? The phone is neither the user nor the device. So, what’s the point of verifying the phone through multi-factor authentication (MFA)? Phone-Based Authentication Today Most of today’s traditional…

Passwordless for Government: A WinMagic Webinar

“I'm very excited to tell you more about our passwordless authentication, today. I believe it is game-changing and it will change the cyber security market,” said Thi Nguyen-Huu, Founder and CEO at WinMagic, during our “Passwordless for Government” webinar, hosted jointly with Carahsoft Technology Corp. [su_youtube url="https://youtu.be/sDyrwA1RYyE"] Leading the webinar, Garry Mccracken, CISO at WinMagic, began with the following descriptions of government security guidelines and executive orders: EO 14028. In May 2021, the federal government released Executive Order (EO) 14028. Executive orders tend to contain high-level policies, and this one was no exception. The order mandated that federal government sectors adopt new security best practices, pushing for zero-trust architecture and faster transitions to the cloud. M-22-09. The next major order…

Avoid Cybersecurity Stress Burnout

8 Ways to Avoid Cybersecurity Stress Burnout

A recent report suggests that a majority of cybersecurity professionals experience extreme stress and burnout with 54% of them wanting to quit their jobs. In 2022, Forbes forecasted that one in 10 of these experts will leave the industry. Cybersecurity burnout is real and is wearing down many of our fellows. With cyberattacks growing more sophisticated by the week, professionals are stressed around the clock. Still, there are some ways to support these cyber whizzes. The best way to thwart cybersecurity stress burnout is to keep it from taking hold in the first place. Here are a few simple tricks that can help minimize stress levels. 1. Take Regular Breaks Companies, employees, and cyber specialists themselves should encourage frequent breaks…

MFA and Zero-Trust Misconceptions Prevent Effective Solutions

MFA and Zero-Trust Misconceptions Prevent Effective Solutions

The WinMagic team believes we can revolutionize the cybersecurity of the world. Our latest authentication solution, MagicEndpoint, is ready to deliver the most secure authentication with the best user experience. Incredible? Unbelievable? Yes. Not because we can do magic, but because we recognized some misconceptions that prevented previous solutions from being effective. What are these misconceptions? Are you ready to be shocked? 🙂 There are two main misconceptions: MFA (multi-factor authentication) is needed for online authentication. The best security requires continuous verification of each user, device, application, and transaction. And, from there, these next misconceptions appeared, even if they might seem unrelated to the main one: Frictionless access is ideal, but we should be realistic to know frictionless means no…

Device-Level Signals: Framework of Zero Trust Security

Device-Level Signals: Framework of Zero Trust Security

The U.S. government is tightening the reins, requiring agencies to comply with Zero Trust architecture (ZTA) by the end of September 2024. This strategy is targeted toward thwarting increasingly sophisticated and persistent cyberattacks. Zero Trust protocols are essential to safeguarding federal, medical, financial, and other high-risk industries. In the words of the U.S. government, “To deliver on these missions effectively, our nation must make intelligent and vigorous use of modern technology and security practices, while avoiding disruption by malicious cyber campaigns” (M-22-09 Federal Zero Trust Strategy). It’s up to industry-leading cybersecurity solutions to support companies’ Zero Trust security objectives. The foundation of the ZTA is that no actor, system, network, or service outside or within the security perimeter will be…

Passkey vs. MagicEndpoint

Passkey vs. MagicEndpoint

There are three types of people in the corporate world: Those who think their laptop is just an average computing device Those who use the endpoint for passwordless authentication Those who realize the endpoint can do so much more Now, if passkey were a person, they’d be in the second group: the ones who use the endpoint for passwordless authentication. This group is the vanguard for leaving password-based and traditional MFA techniques — which include SMS, PUSH, or OTP verification — in the past. The biggest problem with traditional MFA is that it’s not phishing resistant, which is why the world is so eager for passkey options. The second biggest problem with traditional MFA is that it doesn’t create a…

new passwordless authentication

A more secure “client” for passwordless authentication

In this article, I’ll introduce a new passwordless authentication thought process: an entirely new “entity” that advanced passwordless solutions should use to achieve maximum security for businesses. If you’ve followed my past blogs, you might have noticed that I’ve addressed how using multi-device FIDO key authentication weakens FIDO security. The National Institute of Standards and Technology (NIST) also acknowledges risks associated with multi-device keys: “Multi-factor cryptographic software authenticators SHOULD discourage and SHALL NOT facilitate the cloning of the secret key onto multiple devices.” — 5.1.8.1 Multi-Factor Cryptographic Software Authenticators FIDO2 is today’s paragon for a secure online authentication approach that’s significantly stronger than traditional MFA. FIDO protocols are also the foundations of the advanced passkey solution that was recently developed…

5 Reasons to Update Your WinMagic SecureDoc Investment

5 Reasons to Update Your WinMagic SecureDoc Investment

We all use software in our daily lives. Some of it is for personal use, and some of it to support the enterprises that we work for. In both cases, it is in our best interests to keep that software up to date. When it comes to WinMagic products specifically, there are benefits that come with keeping up to date with the latest versions. I’ll list them below along with a suggestion about how you can keep up to date in a pain-free manner. Security: All major versions can include security updates that protect your server and your endpoints. Thus, it’s important that our customers at least keep up with all major releases as security is a top-of-mind item these…

Strengthen Your Linux Endpoint Security

Strengthen Your Linux Endpoint Security & Zero Trust Strategy with Defense-in-Depth & Endpoint Encryption

With the rise of cloud computing and mobility and the remote work environment brought on by the pandemic, securing Linux endpoint devices has never been more challenging for the organization and its IT department. Endpoint encryption designed to protect data stored on endpoints such as devices, hardware and files has always been an essential component of a strong Linux endpoint security strategy; however, perimeter security is no longer effective in protecting against sophisticated threats in this modern, mobile era. Instead, organizations need a model that provides multiple fail-safes to strengthen their defenses against today’s advanced cyberattacks. To understand what is required to fortify a modern Linux infosec architecture with a robust endpoint security strategy, we spoke with industry-leading Linux endpoint encryption…

Leave the Hassle and Expense of the Password Era Behind

Leave the Hassle and Expense of the Password Era Behind Businesses often fall into the costly trap of repeating the same processes year after year, never taking the time to consider whether alternative, and potentially more efficient, approaches have become available. Particular ways of working can get so ingrained into a business’s routine operations that no one thinks to step back and ask, “Is there a better way to get this work done?” Line items in annual budgets often get renewed every year simply because that’s the easiest – if not the smartest – way to keep things moving in fast-paced corporations. We might want to call it the “This is the way we’ve always done it” syndrome. Even if…

Implementation of user authentication strategies

A Revolutionary Innovation in User Authentication

For as long as organizations have used the internet to conduct business, online security threats such as phishing emails, credential theft and malware attacks have been an unfortunate and ever-present shadow over their digital operations. One of the foundational defenses against these threats has been the implementation of user authentication strategies. Quite simply, these involve any authorized user taking some action to prove they are who they claim to be. Once authenticated, they are granted access to the system and are free to carry out their responsibilities. Over the years, these authentication methods have evolved to offer better security, but not always better user experiences. Today, however, a new approach is satisfying both factors. To gain a full understanding how…

The endpoint is the key to next-generation

A new way of thinking: The endpoint is the key to next-generation, no user action, authentication

To ensure a corporate network is fully secured against today’s many cyberthreats, the authentication of any person wishing to access it is an absolute must. Verifying that someone is a legitimate user and not a hacker or cyber-criminal is a fundamental piece of the information security puzzle. Yet, authenticating users has traditionally been a distinctly user un-friendly process, requiring passwords to be remembered, keys to be transmitted and typed in, and other burdensome hoops set up for users to jump through. Thankfully, a modern, next-generation authentication solution offers a much simpler experience for your users. In fact, in involves no user action at all. To understand how revolutionary this new approach is, let’s clarify a few oft-heard questions to dispel…

How Zero Factor Authentication Is Securing the Future

How Zero Factor Authentication Is Securing the Future

Too often, the weight of ensuring an organization’s digital security falls on the shoulders of the poor end user. Burdened with the responsibilities of remembering multiple passwords, juggling countless devices that receive codes and keys, and trying their best not to lose their laptops, it’s no wonder there are so many security breaches in the news. It’s high time for a new approach that shifts that responsibility somewhere more appropriate. Fortunately, a new concept in enterprise security now exists to do exactly that. It’s called Zero Factor Authentication (ZFA) and, when done right, it makes the long-sought-after reality of Zero Trust Network Access (ZTNA) achievable for organizations. Before we dive into these groundbreaking approaches and how they are helping businesses…

I like passwords

I LIKE PASSWORDS

Like you, I want freedom, I want control of my life... and I like passwords. They give me the freedom to use what only I know, independent of what I am or what I have. I can change my password often, and to the extent that no one can guess what I use as my password, I have a familiar sense of security. Also like you, I hate passwords, the way we must use them these days. I dislike having to remember many long and complex passwords. I also dislike the fact that the password I use is transferred to the server, and that attackers can potentially find it and take over my account. I am uncomfortable with the possibility…

Why is a PIN better than a Password?

Our position is that, with the right authentication underpinnings – based on cryptography – a PIN is better than a password, and we’ll explain why. Let’s first consider how a PIN can be like a password. We concede that PIN and a Password have certain similarities.  They each: Are something the user will know and must remember. Are something the user will keep secret, and will not share (or should not share, if he/she hopes to keep secure whatever the PIN or Password is intended to protect). Can be quite similar in format - A PIN can be a set of digits like 342894, but enterprise policy might require complex PINs that include special characters and letters, both upper-case and…

What is passwordless and why does it take a journey to get there?

Let’s start the journey with the destination in mind.   In a passwordless world you will no longer need to remember a complex string of letters, numbers, and special symbols for each site or server you connect to.  In a passwordless world you will no longer need to type or enter these passwords. In a passwordless world you will no longer need to think of new complex strings of letters, numbers, and special symbols every 90 days to update your many passwords.  In a passwordless world you will no longer need to worry about your password being leaked in a server breach.  In a passwordless world you can’t be phished into typing your password into an attacker’s site. In a passwordless…

Encryption and Authentication at the endpoint

Encryption and Authentication at the endpoint

Introduction In this blog I explain why it makes sense to use the same endpoint security solution for both encryption for data at rest on the device and authentication to servers and web services such as SaaS. First; what are the core attributes of a good endpoint encryption solution? By endpoint encryption I mean Full Disk Encryption (FDE)  or File and Folder encryption.  The encryption should occur transparently and have little or no impact on the user’s daily experience.   Users probably don’t even know it is happening.    But how can you trust that the encryption is done correctly if you cannot “see” it.   The answer is to select a vendor that has been doing it right for many years, uses…

Choosing the right architecture to establish and maintain a user session with the “authentic” user.

The purpose of this blog is to examine the issues related to a Relying Party (RP) authenticating a user, establishing a user session with that user, and then maintaining confidence that the user at the other end of the session (the endpoint) continues to be the “authentic user” for the duration of the user session.  We start from the premise that asymmetric key based authentication is superior to other methods such as SMS text and OTP.   Rather we focus just on the issue of endpoint vs out of band authentication. Concepts and definitions used in this blog include: Authentication Channel: The channel or path between parties used to perform the authentication in the first place to establish the user session…

Solutions for the SolarWinds Attackers

Proposing Solutions for the SolarWinds Attackers’ MFA Bypass (Part 2)

In our previous article in this series, we highlighted a very serious threat to networks of all kinds: The hackers presumed to be behind the large-scale breach of SolarWinds' Orion platform have also been linked to an attack that compromised a multi-factor authentication system. By gaining read access to  the MFA server, it's possible for a bad actor to generate false cookies and gain authenticated user privileges. As it stands today, there's a lack of adequate solutions for this type of attack, which pinpoints the weakest link in an MFA system to bypass what is otherwise a reliable authentication method. In this article, we'll sketch out proposed solutions that can neutralize this serious threat to networks. Scope of the solution…

Can we prevent the SolarWinds attacks’ associated MFA bypass?

Can the SolarWinds’ MFA bypass attacks be prevented?

The SolarWinds attack has been in the news a lot lately. In short, bad actors managed to inject an update to the SolarWinds Orion platform with malware, compromising the popular network software. Since Orion runs on thousands of internal networks worldwide, attackers potentially gained privileged access to countless servers. While SolarWinds has since scrubbed the malicious software from its downloads page, the event was illustrative of the threats facing modern businesses. There are several ways for malicious users to target companies running compromised network software. In this post, we'll look at a type of intrusion carried out by the SolarWinds hackers that is relevant to the authentication space: attacks that affect authentication cookies. How would an attacker compromise authentication cookies?…

The Right Approach to Data Encryption

Transparent data encryption – when, where and who does data encryption WinMagic integrating existing technologies with new advanced solutions to deliver transparent data encryption, based on our 3WE approach, at the endpoint, ­before data is ever shared - which is the right way to reduce common security challenges, not simply the most convenient. The 3WE Approach Where… must data be encrypted? WinMagic believes that the industry as whole does not adequately educate customers on WHERE data must be encrypted.  We believe strongly that data should be encrypted EVERYWHERE, and even in memory. WinMagic unifies and simplifies encryption across more devices and VMs than any other provider, helping you encrypt more of your data, with less effort and cost   When……

Passwordless-is-not-MFA

Passwordless does not mean Multi-Factor Authentication

How does a machine authenticate a user? IT security professionals normally think of multi-factor authentication (MFA) with the factors being what you know, what you have, and what you are. The various factors strengthen the authentication and thus are recommended these days. On a laptop, the machine would let you enter the password (what you know), insert a physical token (what you have), and check your fingerprint or face recognition (what you are). What happens if the machine is a remote server? A remote server typically cannot check if a physical token is inserted, nor if the fingerprint matches. Server side biometrics matching is questionable due to many reasons, see among others https://noknok.com/blog-post/the-anti-pattern-of-server-side-biometric-secrets/. The server can only authenticate a user…

Home Safe Home: Quick tips to keep your data secure during the COVID-19 outbreak.

With many businesses adopting, or at least temporarily accepting a work-from-home model as a response to COVID-19, cybersecurity experts around the world are raising the alarm on the increased threat of data breaches.  Here are 7 tips to help your company keep data secure while being corporately responsible. Employees: Who has access, who should not, and what’s the right move? Organizations need to have a tight grip on employee rights management so that your sensitive data does not depart with your employee, or, be open access to anyone.  Check that authorized individuals in the organization can assign access rights and credentials quickly and, be able to delete them just the same. Apply least privileges to identity access management Organizations should…

Data Security and the Distributed Workforce

With many businesses adopting, or at least temporarily accepting a work-from-home model as a response to recent global events, cybersecurity experts around the world are raising the alarm on the increased threat of data breaches.  On March 06, 2020, the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency provided guidance on how to protect against scams exploiting coronavirus fears.  Other agencies, such as the World Health Organization (WHO), have done the same. Working Remotely extends the Data Risk Plane We are now hearing from our own customers who are swiftly relaxing their company work from home policies.  Most often this is entailing allowing employees to work remotely on company-issued laptops or desktops and, allowing them to use…

Protecting your Corporate Assets with Cryptographic Keys: An Interview with our VP of Technology, Garry McCracken

Our Vice President of Technology, Garry McCracken was recently invited to participate in an interview by Ravi Das, CyberSecurity Consultant and host of BiometricNews.net, a podcast for security news and information.  The podcast offers a glimpse into Garry’s career journey, and how he ultimately landed on a career in cryptography, and with WinMagic. Through the podcast, Garry provides a detailed look into the importance of data security and encryption, discussing some of the most common and arising data security pain points on endpoint, virtual and cloud environments, today.  From the dangers of simply losing a USB key to threats from more dedicated adversaries, it’s evident that the data security risk plane is real and growing. When turning to WinMagic’s products…

Connecting to Customers through Feedback

We here at WinMagic take customer feedback seriously.  From Product Development and Management, to Sales and Marketing, to Billing and Support, we’re always striving to do what’s right for our customers.  On our Support team, we’ve recently revamped our customer experience process to better address the feedback that we receive from our customers. In 2019, we partnered with Survey Monkey to find ways to gain actionable intelligence out of our customer surveys and put ourselves to work on improving any areas of concern.  The result?  Not only did we increase our Net Promoter Score and customer satisfaction scores, but we were also able to positively affect renewal rates.  We’ll continue to use our customer feedback to better our business, so…

FDE and the Opportunistic vs Dedicated Adversary (Do a Risk Assessment)

I have always been a proponent of doing a security risk assessment in order to determine the amount and depth of controls required to protect information appropriately.   Risk is a function of the probability and the impact of a successful attack.   The higher the probability, and the higher the impact, the higher the risk. For a given attack to be probable there needs to be some vulnerability to exploit and a threat.  NIST defines threat as “Any circumstance or event with the potential to adversely impact organizational operations … through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.”  ( https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-150.pdf ) A threat becomes real when there is someone willing to exploit…

WinMagic – our vision for better data security in a complex world.

It has been over 21 years since I founded WinMagic and started working on SecureDoc, a simple but sophisticated full disk encryption product.   Over the years I have learned a lot and developed insights and opinions regarding the state of data security and the role encryption should play in it.   Of course these insights and opinions are constantly being refined and adapted because the technology and threat landscape is also constantly changing. Nevertheless I think it is worthwhile to put them on paper at this point in time and go on record with my view: ➤ WinMagic’s vision statement. In this paper I have outlined the challenges and opportunities in the data security landscape and our vision on how these…

When and where should sensitive data be encrypted? The revealing answers might surprise you!

After having run WinMagic with the main focus as a data encryption company for more than 20 years, I asked our team for the first time last week the very basic question: When – and where – should sensitive data be encrypted? The answers are eye opening for me. Ideally, sensitive data should always be encrypted except when it is being processed*, e.g. used by an application, which requires plaintext data With expertise in disk encryption we determined that data should be only decrypted in RAM memory for the CPU to work on; our disk encryption encrypts the data before it is written to the disk. But with advancements in memory encryption, the RAM can actually be always encrypted, with…

Your Linux-Based Laptops, Desktops and Servers: Do You Need To Encrypt Them To Comply With GDPR?

On April 24, 2018 Patrick Townsend, CEO and founder of Townsend Security published a blog considering the relevance of encryption to GDPR compliance.   A year later, we agree that Mr. Townsend’s blog remains a relevant starting point for enterprises on-the-fence about the wisdom of encrypting all data.  As we hit the 1-year anniversary of the GDPR’s ratification, many of our customers should be asking: Should Linux laptops, desktop, servers and embedded systems with storage (herein referred to as Linux Devices) be encrypted to comply with GDPR?  The short answer to this question is yes. The first wave of GDPR fines have been substantive (€50M is the highest so far) and handed out quickly (many within 4 months of investigation). And…

Great Product Development Begins with a Solid Foundation of Corporate Excellence

Enterprises are increasingly concerned about data security and data protection.  They need to have access to the rights tools to ensure that users and systems administrators are able to properly protect and secure company and customer data.  As a member of WinMagic’s technical team, I believe that WinMagic’s unique engineering environment is a source of innovation and competitiveness in the data security sector, and ultimately helps us in providing the most comprehensive data encryption solutions on the market. WinMagic is ideally positioned to take on these evolving challenges head-on, and through cross-industry participation, due to a nexus of corporate culture, executive management, and product delivery.  Let’s drill down a bit further.  How exactly are we doing this? Active engagement from…

“Extracting BitLocker keys from a TPM”

(Pre-Boot Authentication: Wisdom in Security – Part 3) In my September 2018 blog “Pre-Boot Authentication. Wisdom in Security Part 2”  I concluded that: “Bottom Line: ‘No PBA’ is not a wise choice for enterprises Microsoft’s reasoning that you don’t need PBA because the known memory attacks are difficult to pull off on most modern hardware is simply wrong because the threat is much more than just those attacks”. Just last week, one such attack made headlines.  Our customers asked us about the recent report titled “Extracting BitLocker keys from a TPM”  by Denis Andzakovic from Pulse Security.  In that report the author concluded “Don’t want to be vulnerable to this? Enable additional pre-boot authentication.” (my bolding) Let me explain.  In…

Five Observations from RSAC 2019

Last week I had the privilege of attending the 2019 RSA Security Conference in San Francisco. As in past years, the keynotes, technical sessions and sidebar conversations were a great opportunity to learn what is top-of-mind in the security industry.  Here are five observations that I came away with: GDPR is Alive and Kicking – Stats Show Most Enterprises are Still Not Ready 50M Euros was the number hot on everyone’s lips. The EU’s General Data Protection Regulation came into force on May 25th, 2018 and regulators have been busier than expected.  On January 21, 2019 the French regulator CNIL set the record for the largest GDPR award to date by fining Google €50M for failing to comply with its…

Working Hand-in-Hand with Microsoft Provides Customers Confidence in SecureDoc Windows 10 Compatibility

Customer confidence in your solution is critical to success.  That’s why WinMagic works diligently to ensure that our solutions support the environments that our customers use.  And for most of them, that’s Microsoft Windows. For years, WinMagic has participated in Microsoft’s various vendor programs.  We’ve been a Microsoft Partner, working alongside Microsoft to provide integrated, reliable data protection across all your Windows deployments.  We’ve also participated in the Microsoft Windows 10 Insider Preview Program.  Participating in these programs enables WinMagic to ensure release quality and support confidence with our products, so that we can best support our customers.  But what happens when unforeseen issues arise? When a SecureDoc compatibility issue arose after a Windows update last year, we sprung into…

Linux Servers and Encryption – the Need and the Solution

In the past, I have tried to make the case for encrypting physical servers on premises.  The argument for not needing to encrypt them is that these servers usually run for weeks, months, or even years without being brought down. And, that they are physically protected within a well-fortified data center.  The protection that Full Drive Encryption (FDE) brings only really applies to data at rest, and it seldom is at rest on these servers. (more…)

Full Drive Encryption, Key management and MBAM

(Microsoft announces end of mainstream support for MBAM as of July 2019) WinMagic’s CEO, THI NGUYEN-HUU, has blogged in the past about the ideal architecture for Full Drive Encryption, and Key Management (Separating Encryption and Key Management).  By separating key management, which includes authentication, from the actual encryption layer, one is able to use a single key manager for many platforms while allowing the best individual encryption solutions to be selected and used for each use case where storage encryption is needed. In my opinion, BitLocker is a good choice for the encryption layer on Windows primarily because encryption is a low level function best done by the OS for compatibility (or even better done in the hardware of the…

Self-encrypting deception: Weaknesses in the encryption of solid state drives (SSDs)

In the past few weeks I have been looking into the fallout from the paper [PDF] by Carlo Meijer and Bernard van Gastel from Radboud University, the Netherlands titled “Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)”. From the paper’s abstract:  “In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret” … “This challenges the view that hardware encryption is preferable over software encryption. We conclude that one should not rely solely on hardware encryption offered by SSDs.” (more…)

Your Feedback Is Important To Us

For me, the title of this blog entry isn’t just a marketing slogan or a catch phrase. It’s something that I take very seriously because, just like the metrics that I keep track of, acting on feedback from customers allows the Technical Support team here at WinMagic to improve to serve you better.  That’s the key reason why you get a survey when a case is closed. I want to know what your support experience was like so that I know what went well, and what we can improve upon.  Rest assured, when I get feedback I do act upon it. (more…)

Protecting Cloud Workloads against Undisclosed Access in Microsoft Azure

An international law firm and longtime customer of WinMagic has leveraged our flagship encryption and key management platform – SecureDoc Enterprise Server – to protect thousands of endpoint devices against loss or theft. In this era of digital transformation though, protecting endpoints is only one of many projects within their security and risk management portfolio. Now as the organization aim to leverage the undeniable benefits of cloud computing, IT had a new mandate to move their existing server infrastructure to Microsoft Azure. Security and compliance risks could no longer prevent cloud migration, despite concerns about undisclosed access to sensitive workloads; particularly those related to client cases, which could be subject to subpoena or government access. (more…)

Pre-Boot Authentication: Wisdom in Security – Part 2

In my recent blog “Pre-Boot Authentication. Wisdom in Security”  I wrote in conclusion: Bottom Line: ‘No PBA’ is not a wise choice for enterprises Microsoft’s reasoning that you don’t need PBA because the known memory attacks are difficult to pull off on most modern hardware is simply wrong because the threat is much more than just those  attacks.” (more…)

The Cold Boot Attack is Back

The Cold Book Attack was resurrected last week by some researchers at f-secure https://press.f-secure.com/2018/09/13/firmware-weakness-in-modern-laptops-exposes-encryption-keys/ .  I would like to provide some context for both the exploit and the mitigations because the cold boot attack is just the tip of the iceberg.   But first, if you don’t want to know the details, there are steps that organizations can take to protect against Cold Boot attacks on PC’s and Macs when using SecureDoc including: (more…)

Do physical servers really need to be encrypted?

In the past, I have tried to make the case for encrypting physical servers on premise.  The argument for not needing to encrypt them is that these servers usually run for weeks, months or even years without being brought down, and that they are physically protected within a well-fortified data center.  The protection that Full Drive Encryption (FDE) brings only really applies to data at rest, and it seldom is at rest on these servers.  I would counter that all drives eventually leave the data center for repair or disposal, and having them encrypted protects you from having your old drives show up on eBay, with your customer data still on them.  Encrypting the drive means it can be quickly…

ATM and IoT Security – Get Proactive, Be Protected

Takeaways from NCR Innovation Conference 2018 Innovation, Meet Security Digital banking has transformed the way we connect and transact with one another. From mobile banking apps to contactless payments, a focus on consumer experience has driven new technologies like never before seen. The consistent, common factor – convenience. That said, we’ve seen breaches of personal data and financial losses reach an all-time high. Why? Tighter compliance regulations and the irresistible appetite to leverage consumer data for business growth has put immense pressure on security professionals to keep pace. In late August, I had the privilege of speaking at Innovation Conference 2018, run by one of our core partners in the financial services sector – NCR. As a leader in digital…

Enterprise Encryption for Linux

Enterprise Encryption for Linux

Linux has built in encryption for several years now, yet enterprises still struggle with encryption on Linux laptops.  Why is that? To answer this question, let’s first review the disk encryption capabilities that are built into Linux: (more…)

Encryption management and controls strengthens IT forensics

It has been awhile since I last wrote about computer forensics and encryption so it is time for an update. First, what is Computer Forensics?   According to Wikipedia, Computer forensics is, “a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.”   In short it is like data recovery, but with additional guidelines and practices designed to create a legal “audit trail” that could be used in court if need be. (more…)

Pre-Boot Authentication: Wisdom in Security

As my colleague Garry McCracken ably reported earlier in this blog (Is Microsoft claiming Pre-Boot Authentication for FDE is not necessary?), Microsoft, in its wisdom, has declared that pre-boot authentication (PBA) for full-disk encryption (FDE) is not strictly necessary – except in cases where certain other security measures cannot be implemented. (more…)

Why I Choose to Let our Employees work from Home

I once worked for a company who didn’t believe in Technical Support employees working from home, despite having all the technology in place to allow that to happen. Their reasoning? Technical Support employees couldn’t be effective if they were not in the office. I’ve always thought that thinking was flawed, and my experiences with the work from home policy that WinMagic has in place reinforces that belief. (more…)

BitLocker Compliant or Practical? Mixed Message by Microsoft

On one hand, Microsoft says that BitLocker with pre-boot authentication (TPM + PIN) is the recommended best practice (See Here).  On the other, Microsoft admits that BitLocker with their pre-boot authentication “inconveniences users and increases IT management costs.” A mixed message for any IT pro responsible for keeping devices compliant and secure. Read on to discover the compliance shortfalls of BitLocker and how to address them. (more…)

RSA Conference

Five Observations from RSA 2018

I once again had the pleasure and privilege to attend the RSA Security conference in San Francisco, CA. rsaconference.com/events/us18. The conference keynotes, sessions and sidebar conversations were a good opportunity to see what the hot topics in security are. I attended a broad selection of sessions. Here are five diverse observations that I came away with: (more…)

Does Microsoft claim Pre-Boot Authentication not necessary?

Is Microsoft really claiming pre-boot authentication (PBA) for Full Disk Encryption (FDE) is not necessary? One could certainly get that impression from recent articles (HERE and HERE) posted by the organization.  The first article on “Types of attacks for volume encryption keys” lists a few known historical attacks that “could be used to compromise a volume encryption key, whether for BitLocker or a non-Microsoft encryption solution”, and the second makes statements like “For many years, Microsoft has recommended using pre-boot authentication to protect against DMA and memory remanence attacks. Today, Microsoft only recommends using pre-boot authentication on PCs where the mitigations described in this document cannot be implemented.” (more…)

Swimage Migration PC OS

Securing the OS Journey

Securing computers, servers, and IoT devices is an ever-changing process.  As organizations work to keep environments secure, there is always one constant, inevitable challenge – USERS. (more…)

WinMagic - Solving the Cloud Trust and Liability Problem

Solving the Cloud Trust & Liability Problem

In April 2015 I wrote about “Intelligent Key Management for the Cloud”. In that blog I described the various models for encryption and key management for virtual workloads running in IaaS including: (more…)

Tech Support With Headset IT

How Can I Help You?

Recently, I was on the phone with a customer who asked me this question: “How can we better help you to help us?” That’s a question that I was not used to getting. But it made me think about what customers could do to get better tech support. I ended up taking a day or two for me to really think about it, but I came up with the following which I decided to share with you: (more…)

Cloud Physical Virtual VM Servers

Physical Servers to Hyper-Convergence; A Need for Encryption

In the past I have tried to make the case for encrypting physical servers on premise.   The argument for not needing to encrypt them is usually that these servers run for weeks, months or even years without being brought down, and that they are physically protected within a well-fortified data center.  The protection that FDE (Full Drive Encryption) brings only really applies to data at rest and it seldom is at rest on these servers.   I would counter that all drives eventually leave the data center for repair or disposal and having them encrypted protects you from having your old drives with your customer data on them show up on eBay.  An encrypted drive can be quickly and easily crypto-erased…

BitLocker Windows 10: Compatibility is Key

Managing BitLocker in Windows 10   So you’ve heard – Windows 10 has hit the PC world by storm, with widespread adoption in the private and public sector catching up to the consumer side. According to Gartner, the adoption of Windows 10 is faster than previous OS and the traditional refresh cycles are shortening. What’s driving the movement? Well, it’s a combination of events really, all based on one common need – Security. (more…)

Yes, I Do Take Support Calls

One of the things that is unusual about me is the fact that I like to take customer support calls. Now you might find that weird as I do run a global support organization, and presumably I have better things to do than to take tech support calls when I have a staff that I have hired to do that for me.  However, I feel that in the interest of making my support organization better, I need to be on the phones from time to time, digging into cases that get submitted via our customer portal, or by e-mail.  Here’s why: (more…)

The Human Factor

Our Product Marketing Manager, Aaron, and I had a watercooler chat the other day about taking a fresh approach to a corporation’s IT Security in the likes and regularity of spring cleaning. An approach like this would be ideal – you would have an up-to-date inventory of your hardware, you would have up-to-date software, and a complete 360 view of your organization. After completing what might be an onerous task, you would be able to identify the robustness of your environment, where your gaps might be, and where you have room to improve. In general, one might argue you would feel ‘in control’. (more…)

The Company we Keep: Celebrating businesses in Canada, featuring WinMagic’s founder & CEO Thi Nguyen-Huu

Canada’s economy is built upon the success of our citizens, their ingenuity and innovations. WinMagic CEO, Thi Nguyen-Huu speaks of his passion for innovation in building WinMagic, its comprehensive data security solutions, and the value that we bring to our customers in this video produced by Collins Barrow, one of Canada’s largest associations of chartered accounting firms, in celebration of Canada’s 150th birthday! (more…)

We Spoke with Healthcare IT Leaders – Here’s What We Learned

Businesses and Organizations in the U.S. Healthcare Industry are arguably subject to the most stringent data privacy and security laws on the planet. If you’re a Healthcare IT leader involved in compliance efforts – we certainly sympathize with you. Recently, Aaron McIntosh and I held a webinar on HIPAA Compliance for 2017 and Beyond in partnership with HiMSS – a 60,000+ member not-for-profit organization dedicated to improving healthcare through the best use of IT1. Our aim was to improve Healthcare IT leaders’ understanding of HIPAA in the context of the trends, breaches and common compliance issues we’re seeing across the industry so far in 2017. But it turns out that we gained far more insight than we shared with our…

The Key to Protecting Data, Featuring Gartner

If there is one absolute truth in business, it’s that data is now everywhere. Big or small, companies wrestle with keeping data secure with an ever expanding mobile and agile workforce. Increasingly companies are turning to endpoint encryption as the answer to protecting their data. (more…)

4 Keys to Building an Independent Support Team

Recently I was on a call with a customer where one of my Team Leads and the Support Agent did most of the talking. Part way through the call, the customer asked me why I wasn’t saying anything. My response was that both my Team Lead and Support Agent had a plan that made sense and could speak to that plan. On top of that they had the ability to make decisions and adjust the plan without running it by me. Finally, I had complete confidence and faith in their abilities. The fact that I was willing to put that much faith in my people and give them that much latitude was surprising to the customer. And it’s likely surprising…

The 6 Point Data Security Spring Cleaning Checklist

As an enterprise, you should not need an occasion to ensure that your security practices are up-to-date, fine-tuned and resilient. However, when immersed in the day-to-day it’s easy to overlook or neglect some of the standard best practices to securing your environment. The first signs of spring seem to trigger an inherent need to clean, and it’s no longer isolated to the garage or the cottage. It’s easy and worthwhile to apply the concept of spring cleaning, an annual event, to getting your security house in order too. Here’s a 6 point checklist to get you started! (more…)

BitLocker or (Fill in the blank)

  Throughout our 20 years of experience in the endpoint encryption market, who do you think our biggest competition would be? Symantec? McAfee, maybe? Wrong, and wrong again. Native crypto solutions like BitLocker and FileVault 2 dominate the endpoint encryption market. After all, why wouldn’t they? They’re free, they’re integrated into the operating system, and they do their job well. But are they really our competition? (more…)

2017 International Crypto Module Conference & FDE cPPs

From May 17th to 19th, I had the pleasure of attending the Fifth International Cryptographic Module Conference (ICMC 2017) with my colleague, Alexander Mazuruc.   Alex usually attends this conference which focuses on cryptographic modules  and FIPS 140 type issues,  but this year there were 8 tracks on related subjects such as Quantum-safe crypto (yes, that is a thing), and Common Criteria.  The conference had about 35 different sponsors including the Trusted Commuting Group.  Overall I found the conference very informative and a good place to network in the community. (more…)

Flexibility in IT

We often talk about flexibility in IT in instances of user-friendly experiences like knowing your Microsoft Word doc will open in Apple’s Pages, or the ability to accept or decline a meeting request from your iPhone with an Outlook account.  But, what is being developed behind the curtains for IT flexibility is going to change how the world uses technology. (more…)

Are Companies Safeguarding Their Customers’ Personal Identifying Information?

As data privacy concerns and supporting regulations escalate, are companies really prepared to ensure protection of their customers’ personal identifying information (PII) and to quickly and accurately report a breach should one occur?  WinMagic recently conducted a survey of IT decision makers in the U.S., UK, France and Germany to assess their companies’ capabilities in these areas – and the findings should raise some red flags. (more…)

SC eConference Data Security

WinMagic will be exhibiting at the SC World Congress (SCWC) eConference on Data Security on Tuesday, September 24, 2013! SCWC hosts virtual conferences each month focusing on challenges that IT security professionals encounter frequently in their roles. SC Magazine is an unbiased source for IT security, risk management and business information for organizations globally. (more…)

Keeping the random in RNG

Earlier this week my colleague Garry talked about his experiences attending the TCG conference recently and the ‘hallway talk’ about the NSA. It raised some good observations and had me thinking about a recent blog from the NY Times about the NSA and their relationship with the National Institute of Standards and Technology (NIST). (more…)

The End of Trust?

A colleague and I attended the Trusted Computing Conference the week of Sept 9th in Orlando, Florida.  WinMagic had a demo pod in the Trusted Computing Group’s booth where we showed SecureDoc booting Windows 8 while managing an Opal SED with UEFI Secure Boot enabled.   More interestingly, we demonstrated PBConnex Autoboot securely retrieving the credentials to unlock the drive from my colleague’s SES server running in Kansas City.  It was a pretty impressive demo (well at least I thought so anyway). (more…)

Protecting the US Cloud Industry and their Customers

You are probably, at least to some extent, aware of the controversy surrounding the now infamous online surveillance program run by a number of government agencies in the US and abroad. Almost on a weekly basis more information and details about the program are being leaked to the media. The revelations regarding the massive scope and span of the programs have raised concerns among two main groups. (more…)

UEFI Summerfest 2013

A colleague and I attended the UEFI Summerfest on the Microsoft Campus, in Redmond last month. It was very well run and Microsoft was a great host.   (more…)

Is that laptop worth $7 million?

One of the key examples I use when talking about the importance of data encryption is the value of the data that could potentially be exposed. Is a $900 laptop worth the $1 million or more of liability potential if it’s unencrypted and lost or stolen? It turns out I was wrong – the average settlement is much higher, and that’s a good thing. (more…)

Travelling is always a Security education

I’ve been doing a lot of travelling lately and talking to lots of folks about data encryption and SecureDoc specifically. It’s always interesting to get a sense of people’s perceptions around the topic and key areas of interest like Self Encrypting Drives (SEDs). (more…)

The Promise and Practice of UEFI for Full Disk Encryption

When I first heard about UEFI a few years ago I thought it was a great idea. It could make life easier in the long run for developers of full disk encryption to provide advanced authentication and maintenance features for their customers. With this in mind I joined WinMagic up to UEFI.org.  Having implemented pre-boot authentication on Apple Macs, which used EFI, we were already familiar with UEFI’s predecessor. (more…)

Hidden Benefits of Encryption for Legal Services

Lately we have noticed a growing interest for encryption and data security in the legal services industry. Legal services face a similar challenge as other verticals with the need to protect corporate assets being shared through multiple devices and portals. An effective encryption can help significantly reduce liability, negative public image and hefty fines resulting from lost or stolen data. (more…)

Securing the Cloud

Recently it was revealed that Oregon Health & Science University (OSHU) staff were storing patient data in a cloud storage solution – namely, Google Drive. What’s the big deal? It’s Google, it has to be secure right? (more…)

What’s the right choice?

We’re a huge proponent that Full Disk Encryption (FDE) is the cornerstone of any data security solution and should be the foundation for which all solutions should be built on. (more…)

The End of Trust

Data Security and Compliance in the Healthcare Industry

As discussed in a previous post, data breaches continue to be a growing concern for organizations in the healthcare industry. Health organizations are looking for a cost effective and reliable data security solution that can protect their data, ensure compliance, mitigate business risks and decrease IT administration costs. With the mobile nature of the healthcare work force coupled with the increasing popularity of Self Encryption Drives (SEDs), the need for a solution the can manage all devices in one centralized location becomes even more imperative. (more…)

All Good Things Must Come to an End

When we launched SecureDoc 6.2 last week and revamped/improved our support offerings, there was another fundamental change we implemented and that was around the length of product support. (more…)

SecureDoc 6.2 is here!

As we teased last week, we have been gearing for a launch today and that launch is SecureDoc 6.2. Now, it may not seem like a significant step from 6.1 to 6.2, but it’s more than just what’s in the latest edition of our data encryption and security solution. (more…)

Building Support

We’ve teased about the SecureDoc updates coming next week, but it’s going to be more than just about updates to our software. (more…)

Continuous Improvement

This week we’ll be using a lot of our social media channels to tease the upcoming release of the latest updates to SecureDoc and this blog is no exception. (more…)

The 5 Pillars of Transparent Data Security | Secure Speak

Over the years, we have grown to be recognized as one of the leaders in the data encryption and security industry. With a transparent approach to encryption, our security tools work seamlessly in the background providing a non-disruptive workflow for the user while protecting corporate assets. (more…)

All for One

As a specialized software company that focuses on data encryption and security with strengths in key management and overall encryption management, it’s extremely important to maintain strong relationships with OEMs. (more…)

Risk Mitigation

When I attended the Gartner Security & Risk Management summit a couple of weeks ago, I attended a session about Encryption Planning Made Simple. It was a good look at some of the issues facing organizations today and the barriers to the adoption of data encryption solutions. (more…)

Emergency Services Organization Need Protection Too

When we look at the number of clients we work with on a daily basis and the magnitude of industries they represent, it’s pretty easy for us recognize that companies in all verticals are now beginning to understand the importance of securing their data.  Of course, there will also be more companies who subscribe to this belief given the nature of their business, the legislations they face and the data they handle on a frequent basis. (more…)

Intel Anti-Theft and SecureDoc

We received a “Qual (pre-release) SDP” from Intel last week.   Basically, an SDP (Software Development Platform)  is pre-released hardware intended for ISVs (Independent Software Vendors)  like WinMagic to develop and test software against the latest Intel chip sets,  even before pre-release platforms are available  from the PC OEMs (for example HP, Lenovo, Dell, …).  Our QA department was keen to get its hands on the Qual unit to test SecureDoc’s support for Intel AT 5.0 that comes with these new units.   Our Development team had previously implemented support for Intel Anti-theft (AT) 5.0 on an “alpha” version of an SDP but those are not suitable for QA. (more…)

Assessing Security & Risk

This week I’ve been in National Harbor, MD attending the Gartner Security & Risk Management Summit. As a newcomer to this event, it’s been a whirlwind few days delivering excellent content and insights into key market trends and customer needs. (more…)

Continuing the Innovation Conversation

A few months back we attended an Innovations Showcase event in Seattle where we met with prospective customers and talked about trends in data security. We were at it again yesterday in Detroit and once again, engaged in good dialogue with organizations seeking to strengthen their data security solutions. (more…)

Opal 1.0 vs Opal 2.0 Self-Encrypting Drives (SEDs) FAQ

The Trusted Computing Group (TCG) published the Opal 2.0 specification for SEDs in Feb 2012 so this isn’t a new topic.   However, now that most of the drive manufacturers that supported Opal 1.0 now have, or will soon have, Opal 2.0 drives I have been getting more inquiries  about the differences between them. (more…)

WinMagic’s SecureDoc Powers HP Drive Encryption

We said we’d have some pretty big and exciting news a little while ago and today’s the day we deliver. We’re extremely proud to announce that WinMagic has been selected to be the exclusive provider of full volume encryption technologies for Hewlett-Packard’s Client Security solution. (more…)

Wrapping up FOSE

As you saw last week, we were pretty busy at FOSE meeting people, shaking hands and talking about data-at-rest security. It was an interesting show to say the least. (more…)

Talkin’ to Government – Day 2 Update

It’s certainly been an interesting couple of days at FOSE so far.  We’ve had some great conversations with folks that have stopped by our booth.  The good news is that many are recognizing the importance of data security and the value it provides.  The stage that organizations are now at is identifying where to start and how to ensure they are implementing the best practices of data security so that they can properly protect data within their organizations. (more…)

Talkin’ to Government

Today marks our first day at FOSE – the annual conference for government technology professionals. In today’s increasingly security-sensitive environment, this conference should provide some good insights as to what’s on the mind of folks working in government and how to best work with them. We’re going to be at Booth #1143 in the Free Expo if you’d like to stop by and chat. Alternatively, I’ll be presenting on Wednesday during one of the free Solution Sessions at 11:15am. (more…)

Conversation Starters

Through the years I’ve come across partnerships that fail to have the right sales enablement tools in place. It’s common. Now, there are many factors related to the rise and fall of revenues, but if you can look back and know that your sales staff is equipped with the right information, it means less head scratching and building on what you know is a good foundation. (more…)

Strength in Sharing at the FS-ISAC Summit

WinMagic was a sponsor at the annual Financial Services Information Sharing and Analysis Center Summit at the Marriott Sawgrass in Ponte Vedra, Florida last week. This popular three day event introduced engaging, thought-leadership presentations and networking opportunities with representatives from the Top 100 Financial Institutions within North America. (more…)

So much to do so little time

It’s been a busy couple of weeks here at WinMagic. We announced the availability of our latest study from Ponemon and earlier this week we held a Webinar walking through the results of that study with all the key partners in the initiative. (more…)

WinMagic Observations from Infosecurity Europe 2013

Last week, WinMagic joined thousands of other security and technology vendors and professionals at the annual Infosecurity Europe 2013 event in London, UK and made some insightful discoveries from customers and those in the industry. (more…)

The value of SEDs

Secure but expensive. That’s been the traditional spin on Self Encrypting Drives (SEDs). That however, is changing and quickly. (more…)

What is going on in Healthcare?

I’ve talked about data breaches due to a lost laptop before. They’re common, painful and usually generate horrible publicity. It continues to be alarming how many of these devices that are lost continue to be unencrypted. Looking around lately, there’s a very disturbing trend - healthcare professionals are losing devices left, right and center. (more…)

Sharing is Caring!

We’d like to believe part of the reason WinMagic is successful comes from listening and focusing on our customers.   We’re always more than pleased when we open up questions to solicit our customer’s and prospect’s feedback on product enhancements, features and general pain points they are looking to solve.  Quite often, our customers provide a fresh perspective that we haven’t even thought of before which sparks that “Eureka!” moment. (more…)

An innovative approach – CIOSynergy

Last week I had the opportunity to attend the CIOSynergy event in Toronto at the Trump Hotel & Tower. It was an interesting day of interacting with key IT decision makers within various organizations and learning about some of the trials and tribulations they face day-to-day. (more…)

All or nothing ? Removable Media Container Encryption is the Answer

They say less is more. That’s rarely the case when you’re talking about data security, but there are instances where a less heavy-handed approach is appreciated by both administrators and users. A common approach to removable media encryption is to focus on encrypting the entire volume to limit the risk of data loss. (more…)

Nothing a patch can’t fix

Historically, when we’ve had to make updates to SecureDoc we’ve issued Service Releases (SRs) to address minor bug fixes, software update and feature additions. SRs enabled us to ensure continued compatibility with things such as Mac OS X updates. (more…)

Hot Topics from the RSA 2013 Security Conference

My colleagues and I attended the 2013 RSA Security Conference last week in San Francisco, and with well over 20,000 attendees, RSA was very busy and better attended than in recent years. After the conference I polled my colleagues for their “take” on the event.   (more…)

7 Myths of Encryption

We get a lot of questions and concerns around encryption and how the implementation will affect the organization. Although people recognize the benefits of encryption, there are a lot of misconceptions around the notion of encryption and its impact within an organization.  It’s not to say that these misconceptions hadn’t been true once upon a time but with the evolution of technology, many of these “facts” have truly turned into something of the past.  (more…)

Waging the War on Passwords

We have seen large password hacks recently including: LinkedIn, eHarmony, and Yahoo. Hacks so large some in the industry call this the Password Wars. Unfortunately for the general public—we are losing. However, before the trumpets play, let’s give them a fight. Our feature blogger Darren Leroux has touched on this subject before and inspired me to really take a look at innovations that may change the way you secure your information.  (more…)

Enlightening Conversations

Last week I attended an event in Seattle; it was a small, intimate group setting where a number of vendors talked about IT security with key business leaders. It was an interesting day full of discussion around how to secure the enterprise ranging from the cloud to end point devices. (more…)

FDE and Windows 8 – Showing off at RSA

The TCG is hosting its annual security workshop at the RSA Security Conference on Mon Feb 25th in San Francisco. I have attended for the last 5 years and always found the panels and speakers well worth the time invested to attend. (more…)

Happy Valentine’s Day! Why Marketers Love Data Encryption!

As Data breaches become more and more prevalent in today’s world it is worthwhile for Marketing and IT departments to band together to make a case for the implementation of full disk encryption in an effort to protect both privacy issues as well as brand equity. In my experience, most stakeholders understand data breaches can and should be avoided; but if they do occur, and and organization is viewed as having inadequate protection of customer and employee records, stakeholders and the public at large can be ruthlessly unforgiving. That’s where the rubber meets the road and companies can suffer a significant bottom-line impact of brand deterioration. (more…)

AES-NI Validation

WinMagic has a long and successful history of data encryption – pretty sure I’ve said this before. One of the key things we work to ensure is compliance and certification with things such as the Cryptographic Module Validation Program (CMVP) which is managed by the National Institute of Standards and Technology (NIST). (more…)

Constant Improvement

Late last year we introduced SecureDoc 6.1 and introduced a whole host of new features including MDM, FileVault 2 management capabilities, a Web-based console and more. As with any new release there are kinks that can be worked out and we’ve been working hard to address any minor bugs customers have noticed. (more…)

The CES of Security Events

Much like January marks the annual tradition of consumer electronics companies embarking on a trip to Las Vegas for the mother of all technology tradeshows, February is the time of year all security companies gather together in San Francisco for the RSA Conference. (more…)

Encryption Alphabet Soup

Learning a multiplicity of acronyms is pretty much a requirement for navigating any discipline. Every field has its own set of acronyms and the sequence of 3 or 4 letters that usually make up the acronym most likely has a completely different meaning from discipline to discipline. Even within a discipline it is common to see the acronyms muddled together. (more…)

Encryption solutions & Pre-Boot Network-based Authentication

If you have been reading the various blog posts we’ve published over that past few months you’ve seen us talk about: smart cards, cloud computing security, BYOD, MDM, FDE, FEE and more. What we really haven’t delved into is one of the main differentiators we offer in the market and the fact no one has be able to offer the same level of security – Pre-Boot Network-Based Authentication. (more…)

What’s your P@ssw0rd?

I know I’m a little late to the party, but recently I’ve been giving more and more thought to the passwords I use to access the various sites and tools I use on a day to day basis. The main reason I started thinking about this is because of Google’s introduction of the 2-step verification process and a recent article in Wired in which Google has declared ‘war’ on the Password. (more…)

The Cost of Data Loss

Earlier this month I wrote a blog about it being ‘A new year, same mistakes.’ Little did I know that things would continue to snowball with more data breaches – specifically in Canada – happening as a result of unsecured removable media.  (more…)

What kind of encryption is best for you?

There are plenty of ways to secure data and all have pretty acronyms: Full Disk Encryption (FDE), File and Folder Encryption (FFE), Removable Media Encryption (RME) and so on. These three are the ‘meat’ of any good encryption solution. The question an organization has to ask itself is – which is best for me? (more…)

The PC is dead, long live the PC

There’s nothing like being melodramatic at the beginning of the week. Today Gartner Inc. released the latest worldwide PC shipment numbers and it looks like things are declining. Gartner is attributing much of this decline to a shift to Tablet devices. (more…)

A new year, same mistakes

It’s 2013 and everything old is new again. It’s 10 days into the year and so far we’ve heard about at least two key data thefts and a summary penalty for exposing personal health info in the U.S. (more…)

How SEDs Really Work

I have been working with hardware and software encryption for well over a decade now and I have seen countless power point presentations on the advantages of hardware encryption over software encryption.  Transparency, performance and security are the big three. (more…)

SESWeb – Private Cloud Ready

In a previous post, Rethinking Data Security in the Public Cloud, I alluded to a Private Cloud management post. So in spirit of SecureDoc Version 6.1—let’s talk Private Cloud (or #PrivateCloud to all of you Twitter geeks like me).  (more…)

Why Apple Matters in The Enterprise

It’s always interesting to get into the Mac vs. Windows debate as it relates to the Enterprise. For the longest time, the corporate IT stack was predominately Windows-based, but not any more. With the introduction of the iPhone and iPad, Apple has seen its reach within the enterprise slowly grow over the past few years.  (more…)

It Really Can Be That Easy – Single Pane of Glass

As I mentioned in my previous blog post, I used to run a small encryption team at a large organization before I came to work for WinMagic. One of the key responsibilities we had was to generate FISMA (Federal Information Security Management Act) compliance reports for NIST SP 800-53, AC-3 and SC-13 controls. What does that mean? Essentially, these are reports that ensure key security standard requirements are met within the organization for Government regulatory purposes. (more…)

Plotting world domination

Last week was a busy week for us WinMagic folks. As we’ve entered the new fiscal year for the company, so began our annual Sales & Marketing Kick-off event for our FY’13. It’s the event where the key customer and partner-facing teams get together and plot world domination of the data encryption and security market. (more…)

The Need for Speed

Is software encryption on a notebook with a Solid State Drive (SSD) a non-starter due to performance concerns? This is a good question and I have heard it asked by some pretty smart people recently. (more…)

An offer you can’t refuse

This post is going to be a lot of shameless self-promotion for WinMagic but it’s something we think is important as it’s tied directly to the recent launch of SecureDoc 6.1. (more…)

Introducing SecureDoc 6.1

In today’s world, Bring Your Own Device or BYOD has quickly become a reality that organizations have come to expect.  With over 76 per cent of employees using multiple devices, many of which are now owned by the individual not the organization, companies need to ensure that their corporate data is well protected.  The solution for this issue is SecureDoc 6.1. Data Encryption from WinMagic. (more…)

It’s a BYOD World Embrace It or Expire.

There is a great debate raging in the security industry today on how to best provide secure corporate data in a BYOD world. The consumerization of IT and bring-your-own-device (BYOD) are becoming prevalent in organizations at lightning speed, both with and without the knowledge of corporate IT departments. (more…)

When virtual environments get too heavy

When Virtual Environments Get Too Heavy

As an encryption security vendor that is working its way into Mobile Device Management (MDM), I’m fascinated and constantly looking at new ways to secure mobile devices and company information. As someone with a background in virtualized environments, I’m even more intrigued when companies like VMWare introduce solutions. (more…)

The importance of partners

Go to market strategies for vendors varies in approach whether it’s entirely direct, indirect or an amalgamation of both. WinMagic adheres to a hybrid approach that best matching the requirements of the customer or business practices within a given region. (more…)

It’s not as hard as you might think

I was reading an article from ITWorld this week that touched on the recent data breach at the South Carolina Department of Revenue. While I find this type of thing fascinating, I also find it scary when someone says something like this: "The industry standard is that most SSNs are not encrypted… A lot of banks don't encrypt, a lot of those agencies that you think might encrypt Social Security Numbers actually don't, because it is very complicated. It is cumbersome and there's a lot of numbers involved with it." - South Carolina Governor Nikki Haley (more…)

Windows 8 is here! Now what?

As someone that’s worked in IT for the better part of 14 years, I’ve seen my fair share of product launches. When it comes to operating systems, it’s always a cyclical engine; big flurry of attention at launch followed by mixed reaction to the product. (more…)

Smart Cards, 10 Years Later – Part 2

In my last blog, I left off talking about the different forms of authentication and the abundance of solutions available to enable multi-factor authentication (based on the directive to increase security for user authentication into laptops). (more…)

Smart Cards, 10 Years Later – Part 1

Over the last decade we have seen technology advancements grow in all sectors.  For most of us, this is an “expectation” we look forward to:  what’s the next cool gadget this year and how does it work?  For businesses however, these new technologies are often viewed as:  a new requirement that we have to now meet in order to be compliant.  This usually means the solution is mandated to address one key design phase - “security”.  Security alone doesn’t advance technology; solutions must be innovative, easy to use, manageable, and sometimes even  cool! (more…)

Annual TCG Members Meeting: The Slow March of Progress

I attended the TCG (Trusted Computing Group) annual members meeting last week in beautiful Vancouver and thought I would share a couple of observations. First of all, a little background - The TCG is an organization whose mandate is to set security standards for commercial use.  The scope ranges from small mobile devices to large disk drives used in the enterprise.  Key participants (about 100 in person this year) include: the PC OEMs (e.g. Lenovo, HP, Dell, etc.), OSVs (e.g. Microsoft), component manufacturers (e.g. disk drives, TPMs...), governments and ISVs.   That’s where WinMagic comes in.   We are an Independent Software Vendor and a member of the Storage Work Group (SWG).   The SWG is responsible for the “Opal” specification for self-encrypting…

WinMagic Launches New Website – Faster, Better, Easier to Navigate

Last Wednesday, we officially launched our new WinMagic website and we’re very excited to have had some great feedback already, from our customers and partners around the globe.   Our new website features a complete redesign with an easier navigation structure to allow our visitors to find the content they are looking for quickly and easily.  We’ve also remodeled the WinMagic home page so that our most popular content relating to the latest and greatest in the security and encryption world is prominently displayed.  (more…)

Nothing is ever ‘free’

Last week I attended SC Congress in New York and did a presentation talking about the results of our study with the Ponemon Institute and the cost of data encryption solutions. It was a good event, well attended and there was great turnout at the session I presented at. What really resonated though was the nodding heads when walking through the information. Engaging the audience is always important when presenting, but getting agreement on key findings and data in general, is always refreshing if not comforting. It helps validate what we did, why we did it and why we think it’s important. (more…)

Rethinking Data Security for the Public Cloud

For many, Cloud is a buzzword floating through cyber space. It is all too common to hear stories of data being compromised due to insecure Cloud hosting, spawning critical audit sweeps and apologetic corporations responding to upset customers—Yikes! (more…)

Encryption Administration – How many people does it take?

It’s always staggering when we speak with our clients how many people are actually on their encryption team and how much time and effort they spend just trying to get things right.  Are you any different? How many people are on your encryption administration team? How much time do they spend on user management?  (more…)

Keeping up with the Jones’

The evolution of technology goes at a breakneck pace. Whether it’s new products coming to market or updates to existing products – it’s a never-ending cycle. As a software company that supports multiple Operating Systems (OS), we’re no different and one of the common questions I’m asked has to do with releasing product updates to support various OS updates. (more…)

Visionary! – Gartner Magic Quadrant

Being a software company focused on Mobile Data Protection (MDP) means we're constantly trying to evolve our products and services. And according to Gartner Inc. that's paying off as once again we were recognized as a Visionary in their annual MDP Magic Quadrant report! To see how we rank, read on. (more…)

Oh, so you stop hackers and stuff?

What I’d like touch on today with this post is a common misconception about data encryption and security. When I tell people who I work for and what we do, many people assume what we do is protect people from hackers. If people use our software the various security breaches people hear about would be prevented. I’d like to say that we could prevent any kind of hacks etc. but it simply isn’t true. (more…)

Making the Case for Data Encryption

In August, we released the results of a survey we did with the Ponemon Institute where we examined the Total Cost of Ownership (TCO) for data encryption. To make this information even clearer, we've now created a handy, easy to reference infographic! (more…)

Taking the plunge into data security

Welcome to WinMagic’s blog! If you’ve found this page, you’re interested in data security, encryption and discussions of that type, and that what I’m going to focus on. WinMagic is going to talk about what is happening in the security market, analyze issues, breaches, technology advancements and more. (more…)

keyboard_arrow_up