HP Client Security Commercial Managed IT Software Technical whitepaper

ManualsBrandsHP ManualsDesktopsHP EliteBook Revolve 810 G2 Tablet

HP Client Security Technical Whitepaper

August 2016

747889-002

HP Security Strategy 9

4 HP Security Strategy

The HP security strategy to protect users is encompassed through:

 Data Security (Shown in Table 1)

 Device Security (Shown in Table 2)

 Identity Security (Shown in Table 3)

HP believes these areas of protection cannot be accomplished with only bolted on solutions. This is why HP ensures that

security is built-in to the PC in all three layers:

 BIOS - HP BIOSphere integrates many security features at the core of the PC.

 Software – HP Client Security software features.

 Hardware – Vetted out security related hardware modules.

These multiple protection points guard against security attacks, loss or theft. As a result, HP Business PCs can defend

businesses and users conveniently. HP Client Security helps you meet compliance requirements with thoroughly tested

comprehensive, multi-layer features that are easy to deploy and manage. Tables 1, 2, and 3 below provide a list of features

for each of the three layers falling under Data, Device, or Identity. The following paragraphs provide a more complete

description of each feature.

Table 1 Data Protection Security Features

Layer

Data protection

Description

BIOSphere

HP DriveLock

Protects your hard drive data by not allowing it to operate unless you

enter the appropriate password when the system is turned on. DriveLock

supports both Self-Encrypting and standard hard drives.

HP Automatic DriveLock

With Automatic DriveLock the BIOS provides the password when the

system is turned on. This prevents the drive from being used in another

system unless the BIOS Administrator passwords match.

HP Disk Sanitizer

Allows you to permanently destroy data on the hard drive prior to

redeployment or system disposal. Unlike hardware-based Secure Erase

(See Secure Erase5 on page 10), Disk Sanitizer is a software solution that

rewrites the entire drive. Only traditional hard drives are supported by

Disk Sanitizer.

Software-based

HP Drive Encryption

Drive Encryption software encrypts all information on a hard drive (HDD

or SSD) volume so that it becomes unreadable during unauthorized

access. Starting with new 2013 PCs, HP Drive Encryption is FIPS 140-2 L1

certified.

 With Drive Encryption, authentication (a password, smart card or

fingerprint) is required before Windows will even start

 Encrypted drives removed from the system cannot be read by another

PC without proper authorization

 HW encryption is supported with Self-Encrypting Hard Drives (SEDs).

 HP Drive Encryption provided with new 2013 (and later) PCs is

 For enterprise level manageability, HP Drive Encryption is upgradeable

to WinMagic SecureDoc Enterprise. HP offers licensing for HP and non-

HP PCs.