Intel pushes security features in Sandy Bridge Core platform

Data security is a growing concern for businesses and consumers alike, and Intel is putting new technology into PCs that will help prevent physical theft of laptops and stop identity thieves using stolen credentials to compromise online services such as bank accounts.

At the Infosec security show this week, Intel disclosed findings from a pan-European study into the true cost to businesses of data breaches from lost laptops in particular. The report claims that the average figure adds up to £31,148, when regulatory expenses, the cost of forensics, lost intellectual property and legal costs are added to the price of replacing the hardware itself.

But the chipmaker is already moving to address problems such as these with features built into its Sandy Bridge second-generation Core processor platform, including Intel Anti-Theft Technology (Intel AT) to lock down stolen systems.

A further feature called Intel Identity Protection Technology (Intel IPT) provides built-in support for two-factor authentication, adding stronger security than a username and password combination.

Intel AT was introduced with the first generation of Core vPro systems, but has been enhanced in Sandy Bridge to support remote lockdown via cellular networks as well as over an internet connection.

The technology works through a protected portion of the Manageability Engine integrated into the motherboard chipset in a Core vPro laptop. This has initial control over the system at boot-up and is thus able to check whether the system needs to be locked down before the operating system starts, as well as during normal use.

"Say you're at the airport and you turn around and your laptop bag has gone. You can easily call your service provider and report it. They send a message to the PC via the internet or SMS if the PC has a 3G card, and when it receives that message it locks itself down immediately," said Glenn Le Vernois of Intel's Services Programme.

In this context, 'service provider' refers to companies such as Absolute Software, which has built Intel AT compatibility into its online tracking and recovery services.

However, for enterprise customers, Intel said that PGP (now part of Symantec) and Winmagic include server-based support that IT departments can host themselves, so an executive could call their IT department to have their laptop disabled.

"Intel believes in supporting the ecosystem of providers, so we're not offering our own service, we're working through the ISVs," explained Le Vernois.

Key for enterprises, however, is that an administrator can set policies around the behaviour of Intel AT. This means that laptops can also lock themselves down if they fail to check in with the server over the internet within a specified time, after a number of failed log-in attempts, or if a thief tries to tamper with the laptop itself.

Perhaps equally important is that the laptop can be unlocked again, and the data retrieved, if it should be recovered.