SecureDoc 5.2: Full-disk encryption supports Lenovo Hardware Password Manager

WinMagic launches SecureDoc 5.2, the only full-disk encryption (FDE) solution to support Lenovo Hardware Password Manager (HPM) on ThinkPad laptops and ThinkCentre desktops. Hardware passwords prevent access to hard drives, including self-encrypting drives, to deter theft by making stolen devices worthless.

Lenovo and WinMagic have teamed to integrate HPM with WinMagic’s SecureDoc Enterprise Server (SES) to enable administrators to centrally manage all four standard hardware passwords from the same console that manages enterprise-wide encryption – making it simple to utilize SED (Self-Encrypting Drive) and BIOS credentials, monitor device status and reset BIOS passwords to ensure forgotten passwords do not negatively impact productivity.

SecureDoc 5.2 is also the first FDE solution to incorporate Pre-Boot Networking (PBN) and Advanced Encryption Standard New Instruction (AES-NI) to make FDE easier to manage and faster than ever before – enabling organizations to provide all the security benefits of FDE without any of the management, user or network performance headaches associated with encrypting endpoint devices.

PBN enables SecureDoc 5.2 to authenticate fully-encrypted endpoint devices against Microsoft’s Active Directory (AD) and the SES from the pre-boot environment – before the key to decrypt and load the operating system is available. By eliminating the need for users to authenticate locally in the pre-boot environment to unlock the system and connect to the network, PBN makes it just as easy for users to access the network from an encrypted device as an unencrypted device.

Eliminating the need to preload user keys on an encrypted device also makes it simple to authenticate users with network resources rather than local credentials, which enables administrators to utilize all the same management tools for encrypted networks – including software upgrading and patching, system reboots, adding third-party consultants and instantly removing a user’s logon permissions or resetting their password for immediate pre-boot authentication by simply updating their AD group membership – that were previously only available on unencrypted networks.

SecureDoc 5.2 also improves the speed of full-disk encryption by providing full support for AES-NI – a new set of CPU instructions. By making it easy to configure AES-NI from the SES, SecureDoc 5.2 now makes it simpler than ever before for customers to encrypt drives in Windows. When AES-NI is used to encrypt SSDs (Solid State Drives) users get significantly more performance out of these fast drives than is possible with just straight software encryption.

Additionally, SecureDoc 5.2’s key file credentials can now be synchronized with a user’s Windows ID to provide Single Sign-On (SSO) capability with Windows 7 64 bit. As a result, users can unlock the key file, boot the Windows operating system and log on to Windows 32- and now 64-bit systems by simply entering their pre-boot authentication credentials – eliminating the time required to enter multiple credentials and the need to memorize multiple passwords.

SecureDoc 5.2 also supports sleep mode (s3) for centrally-managed SEDs such as the Seagate Momentus FDE and the TCG (Trusted Computing Group) “Opal” specification drives. This provides organizations with the flexibility to centrally deploy any combination of enterprise-class “always-on’ hardware/software-based encryption – or transition between the two – with full transparency for users and a consistent management interface for administrators.

More about

Don't miss