HP Client Security Commercial Managed IT Software Technical whitepaper
HP Client Security Technical Whitepaper 
August 2016 
747889-002 
© Copyright 2016 HP Development Company, L.P. 
HP Security Strategy  9 
4 HP Security Strategy 
The HP security strategy to protect users is encompassed through: 
  Data Security (Shown in Table 1) 
  Device Security (Shown in Table 2) 
  Identity Security (Shown in Table 3) 
HP believes these areas of protection cannot be accomplished with only bolted on solutions. This is why HP ensures that 
security is built-in to the PC in all three layers: 
  BIOS - HP BIOSphere integrates many security features at the core of the PC. 
  Software – HP Client Security software features. 
  Hardware – Vetted out security related hardware modules. 
These multiple protection points guard against security attacks, loss or theft. As a result, HP Business PCs can defend 
businesses and users conveniently. HP Client Security helps you meet compliance requirements with thoroughly tested 
comprehensive, multi-layer features that are easy to deploy and manage. Tables 1, 2, and 3 below provide a list of features 
for each of the three layers falling under Data, Device, or Identity. The following paragraphs provide a more complete 
description of each feature. 
Table 1  Data Protection Security Features 
Layer 
Data protection 
Description 
BIOSphere 
HP DriveLock
1
Protects your hard drive data by not allowing it to operate unless you 
enter the appropriate password when the system is turned on. DriveLock 
supports both Self-Encrypting and standard hard drives. 
HP Automatic DriveLock
2
With Automatic DriveLock the BIOS provides the password when the 
system is turned on. This prevents the drive from being used in another 
system unless the BIOS Administrator passwords match. 
HP Disk Sanitizer
3
Allows you to permanently destroy data on the hard drive prior to 
redeployment or system disposal. Unlike hardware-based Secure Erase 
(See Secure Erase5 on page 10), Disk Sanitizer is a software solution that 
rewrites the entire drive. Only traditional hard drives are supported by 
Disk Sanitizer. 
Software-based 
HP Drive Encryption
4
Drive Encryption software encrypts all information on a hard drive (HDD 
or SSD) volume so that it becomes unreadable during unauthorized 
access. Starting with new 2013 PCs, HP Drive Encryption is FIPS 140-2 L1 
certified. 
  With Drive Encryption, authentication (a password, smart card or 
fingerprint) is required before Windows will even start 
  Encrypted drives removed from the system cannot be read by another 
PC without proper authorization 
  HW encryption is supported with Self-Encrypting Hard Drives (SEDs). 
  HP Drive Encryption provided with new 2013 (and later) PCs is 
powered by WinMagic. 
  For enterprise level manageability, HP Drive Encryption is upgradeable 
to WinMagic SecureDoc Enterprise. HP offers licensing for HP and non-
HP PCs. 










