If you are a company who does not want to end up on the front page of the Wall Street Journal for bad reasons (who does?), then you need to encrypt the data on your company's hard disk drives. Many IT shops recognize this as something they should do, but seldom get around to it. One reason is that it is YASP (yet another software program) to test, deploy, and support. Plus, due to the nature of the beast, it is a type of program that really needs to be thought through carefully. Any wrong step, and users are locked out of their machines. Lose the password and data is gone. Permanently. The encryption segment of the industry, and indeed most of the software encryption vendors, acknowledge that the end game is hardware encryption -- self encrypting hard disk drives. Instead of installing and running a layer of software that encrypts the data on your drive, these FDE (full encryption drives) encrypt every bit of data that is written to them from day one. They have bulk encryption chips inside them that work at full drive speed so that there is theoretically no performance penalty. Contrast this with sometimes finicky software that has parameters like boot sector dependencies and compression overhead. Despite its drawbacks, from an IT standpoint, software encryption has been the only acceptable solution. The main reason: manageability. IT shops need to know that if their end user forgets his/her password, that they can restore access to the system. They also need to make sure that they can access all data for auditing purposes. The enterprise software encryption vendors (like Utimaco), offer this key functionality. FDE drives didn't really have a good management solution -- until now. By using Lenovo's Hardware password manager, IT shops can now have the ability to centrally control the hardware password for all types of self encrypting hard drives. Lenovo's tool is not the first tool on the market to do this. Wave software has had a product, and indeed, one of our competitors sells it as a solution. But it has a major drawback. If you are evaluating the Wave solution, ask your solution provider if it can manage drives from any other vendor than Seagate. Go ahead I'll wait.
From our standpoint, a software management tool that locks you into a specific product FDE SKU from a specific vendor is not the best way. I'm not in the slightest suggesting that there are any problems, but certainly any customer evaluating this solution should ask for assurances that:
- Since the software solution only manages one type of hard drive from a specific vendor, that there will never be any supply problems
- That the price of the single vendor hard disk solution will remain competitive with other brands of self encrypting HDDs on the market
- That the technology will be based on industry standards and will be supported long-term
- That the technology has a roadmap to continue to improve performance and capacities
Our solution is designed to work with all types of FDE drives on the market, regardless of vendor. As new technologies become available, customers are free to choose what works best for them and not be locked in. There is lots more to learn about this solution. Our security team recently prepared a video that explains exactly how this technology works in great detail. The following video is 10 minutes in length, but is well worth your time if you are evaluating this technology or are even just curious. Stacy and Jeff answer many common questions, including connected to the network and disconnected from the network scenarios.