2 min read

SMB : Intel adds encryption to vPro

Intel is preparing to introduce a new set of security features in its next-generation vPro microprocessors

Intel is preparing to introduce a new set of security features in its next-generation vPro microprocessors that have been designed to extend the reach of encryption applications and make the systems easier to install and manage.

Built under the code-name Danbury, the embedded security features — planned to be introduced in early 2008 — promise to improve the efficacy of commercial encryption tools via onboard integration hooks for the programs, and by adding a new layer of hard drive protection when vPro-powered computers are asleep or otherwise powered-down.

According to Intel officials, the addition of the Danbury technology will also make it far easier for organizations to put encryption applications into place by directly addressing the common headache of key management within the new embedded security tools.

Many companies that have already installed encryption software on their computers are still struggling with key management, and, even worse, most fail to realize that the applications do not protect hard drives unless the machines are fully powered-up — creating an attractive vector for attackers and giving those organizations a false sense of security — said Steve Grobman, director of business client architecture at Intel.

Even those computers carrying today’s full-disk encryption tools remain vulnerable to attack when they are in hibernation and stand-by mode, he said.

That fact proves even more troublesome as so many companies are using encryption software as a means to safeguard sensitive data on their machines and meet compliance regulations, especially in the case of computers that have been stolen and had their authentication systems bypassed.

“Companies want to utilize full disk encryption to better protect their data, but commercial software products are hard to deploy and still leave many ways for machines to be attacked,” Grobman said. “By putting certain aspects of encryption into the hardware, versus using only software-based systems, we believe we can make encryption easier to deploy and manage, while addressing those remaining vulnerabilities.”