How Safe is Safe?
Business data resides in many forms and places today, and often travels outside the corporate physical boundaries: contact lists and communications on smartphones, marketing and business plans on laptops, intellectual property and designs on servers, etc. It is accessed locally and remotely from a variety of devices through secured tunnels on public networks and over private networks. Protecting the devices as they travel, and the data in transit and in storage, from threats is no small IT challenge.
Intel embedded security technologies address data loss prevention, covering both the data and the devices on which the data might reside, with the following capabilities:
Enabling Ubiquitous Encryption
Encrypted data is the safest data. Without solid encryption, thieves can easily access an enterprise’s single most important asset – its collective knowledge. Encryption allows an organization to secure its confidential information using complete disk or selective file/folder encryption. Traditionally, however, on-the-fly encryption and decryption would tax the client’s performance, impacting employee productivity. Thus, enterprises have been reluctant to deploy encryption company-wide.
Algorithms of the Advanced Encryption Standard are widely used in encryption/decryption processes in operating systems and security software. Intel® Advanced Encryption Standard – New Instructions¹ (Intel® AES-NI) includes seven new processor instructions that make encryption and decryption up to four times faster in applications optimized for Intel AES-NI, such as McAfee Endpoint Encryption.* When an optimized encryption product is employed, users avoid a “productivity/performance tax” with Intel AES-NI, which lets enterprises deploy encryption ubiquitously across business clients based on 3rd generation Intel Core vPro processors.
Now, it’s possible to simultaneously make data safer, while keeping employees productive.
True Random Numbers
Secure, protected encryption starts with a random number seed, typically provided by a pseudo-random number generator within the client. Higher-quality numbers are less predictable and provide better security. The more protected the number is during generation, the safer the encryption. Numbers stored in memory during generation are eventually at risk from sophisticated malware.
Intel® Secure Key² provides a clean source of random numbers through generation in hardware, out of sight of malware. The autonomous, self-contained digital random number generator resides on the processor package, making it chipset-independent.
Intel Secure Key is:
Any software application can benefit from Intel Secure Key, including the following:
Intel Secure Key deepens encryption protection without a performance tax.
Lost, but Not Forgotten
Data on laptops is often some of the most critical and most difficult to protect, even with the toughest mobile usage IT policies. Criminals involved in industrial espionage and trade secret theft understand the vulnerability mobile devices present.
Every day, hundreds of laptops go missing from airports around the world – many with highly sensitive data on them. Intel® Anti-Theft Technology³ (Intel® AT), embedded in 3rd generation Intel Core vPro processors, self-protects the data and the laptop on which it resides if the laptop goes missing. It can even enable the missing client to report its own location. And Intel AT enables IT to remotely restore a laptop when the system is found and returned.
With Intel AT enabled on a business client, IT security management can define a threat to the device. A threat can be an incorrect login identity entered by a thief, a “fake” login identity entered by a user under duress, or prevention of the device connecting to a corporate network to periodically “check in.” The threat triggers the IT management system to send a “poison pill” to the device, locking it down.
With Intel AT, locking down the system includes the following, making the device and data useless:
If the system is eventually recovered, it can be restored to working condition – even remotely by IT – simply by the user contacting the IT staff and providing appropriate authentication. Technicians can restore the identity keys and unlock the system, placing it back in service in minutes rather than hours or days.
Intel hardware-based, built-in security technologies protect data and laptops on the go.
1. Intel® Advanced Encryption Standard – New Instructions (AES-NI) requires a computer system with an AES-NI-enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on select Intel® Core™ processors. For availability, consult your system manufacturer. For more information, visit http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni
2. No system can provide absolute security. Requires an Intel® Secure Key enabled PC with a 3rd gen Intel® Core™ vPro™ processor and software optimized to support Intel Secure Key. Consult your system manufacturer for more information.
3. No system can provide absolute security under all conditions. Requires an enabled chipset, BIOS, firmware, and software, and a subscription with a capable service provider. Consult your system manufacturer and service provider for availability and functionality. Intel assumes no liability for lost or stolen data and/or systems or any other damages resulting thereof. For more information, visit http://www.intel.com/go/anti-theft.