The Evolution of Remote Security: Learnings from HP Amplify 2023
How can security and vulnerabilities be managed for offline devices?
On March 15, 1996, a Fidelity Investments employee had a personal laptop stolen after leaving it in a rental car while eating dinner at a California restaurant. Less than two weeks later, his employer sent a letter to 196,000 Hewlett-Packard Co. employees, informing them their records were part of a data breach.
In the 27 years since then, and especially with the pandemic driving more work out of the office, the risk of data breach by stolen laptops has only worsened. Millions of laptops are stolen each year, and according to a 2019 Forrester report, 15% of data breaches can be traced back to lost or stolen laptops. HP’s own global study of security leaders conducted last summer shows that 84% of security leaders say the endpoint is the source of most security threats and where the most business-damaging security threats happen.
Too often, companies find themselves in the same position that Fidelity Investment did. An employee calls in about a lost device with personally identifiable information on it. The company can’t be sure whether the data on it remains safe and must send a data breach notification to those affected. The fallout often involves reputational damage, legal investigations, and operational losses.
“Imagine how much harder the job of securing a device is when that device isn’t in the office once a week, or once a month,” says Joanna Burkey, the chief information security officer at HP, on stage at HP Amplify on March 29 in Chicago. “Wolf Connect removes that friction because the state and location of the device doesn’t matter.”
Wolf Protect & Trace with Wolf Connect brings the ability to locate, lock, and wipe a laptop remotely, even if it is offline and even if it is powered off. It’s a kill command that could have protected those employees that had their sensitive information scooped by a common ring of laptop thieves all those years ago.
Released on March 29, Wolf Connect is a new product focused on endpoint security. It helps IT administrators with asset management by providing a dashboard to manage devices, no matter where they happen to be located. The devices can be managed even when not connected to the internet or powered on because the solution uses a cellular network for telemetry. As a result, only specific laptops can be managed in this way.
See More: How Security Leaders Can Handle the Risky Behavior of Remote Workers
Building Unique Security Capability
Jonathan Gohstand, director of technical product marketing at HP, demonstrates the HP Wolf Connect Protect & Trace feature at HP Amplify in Chicago, March 29, 2023
“If you have the regular broadband card for internet access, we can leverage that,” explains Jonathan Gohstand, director of technical product marketing at HP, “but most people don’t put that in their PCs… So there will be a different option, which is a low-cap, low-cost, dedicated-cellular card that can only be used for this Wolf Connect telemetry.”
Customers will not incur any additional costs as the required cellular subscription is managed by the company in the background. The first compatible laptops for the service are the HP G10 product line and the ProBook 400 series and above, he says.
“We change the wiring on the motherboard to get the permanent connection to the battery,” Gohstand says. “So if you power down, the radio still has power, and the little security controller still has power.”
Protect & Trace’s capability to lock and wipe a device is the first feature coming to the Wolf Connect platform, he adds. It will be available for use by the third quarter of 2023. More features will be rolled out to the Wolf Connect service eventually, but HP wants to see customers buy into it first. HP is yet to finalize pricing for adding the cellular module to a new laptop order.
“People value both the data on the PCs and the PC asset itself,” Gohstand says. “It’s just an obvious extension of manageability against the PC.”
See More: Security in an Increasingly Distributed-Workforce World
Similar Solutions Depend on the Internet To Deliver Commands
Other PC vendors have offered a poison pill provision, but none have been able to deliver the capability for offline devices.
Lenovo’s Computrace is embedded below the operating system layer as well, into the system bios, and allows management functions, including tracing and locking a laptop. It requires the device to be connected to the internet to deliver commands. Intel’s vPro chips also provide hardware-layer access to Windows devices for remote management and can even allow for powered-off laptops to be managed. But the functionality relies on internet connectivity to deliver KVM Over IP.
Wolf Connect offers a new remote management capability that just wasn’t possible before. It may appeal to certain enterprises with large laptop fleets that have been plagued by data breaches related to lost or stolen devices, such as government or financial institutions. The remote lock and wipe capability is a clear high-value starting point for the industry at large.
It will be interesting to see what new capabilities and solutions in the remote security management space will emerge in the future. One could imagine critical updates being pushed, emergency messages being sent, or configuration updates all managed remotely soon.
What are your thoughts on the evolution of remote security management? Share with us on Facebook, Twitter, and LinkedIn. We’d love to hear from you!
Image Source: Shutterstock
MORE ON REMOTE SECURITY
- How SASE Helps Overcome Remote Access Challenges
- Cybersecurity in the Time of Remote Threats
- Automation Solutions Key To Ensuring Security and Protection in Remote Environments
- Hands Off My Laptop: Why Remote Work Has Changed Endpoint Security Forever
- Physical Device Security Is Vital in the Remote Work Era
About Expert Contributors: The Expert Contributor program is designed to help kickstart meaningful conversations around the priorities and challenges most critical to C-level executives. The insights and perspectives will help CIOs tackle what’s most important to them. We are always looking for industry thinkers who can help set the narrative for our enterprise audience. To know more about this program, and submit your ideas, reach out to the Spiceworks News & Insights Editorial team at editorial-toolbox@ziffdavis.com.
