Is Lenovo Getting into Security Appliances?

Amid the noisy and crowded aisles of the RSA Conference in San Francisco April 20 to 24 was a curious exhibit, a small booth with a backdrop picture of the Great Wall of China and the declaration, "Lenovo: The leader of Information Security in China." On a folding table sat a Lenovo-branded 3U (5.25-inch) security gateway appliance—the KingGuard (see photo below).

"We sell only in China today, but we are looking for partners to bring it to the U.S.," says Jiangli Li, vice president of Lenovo Security Technologies, a division of Lenovo.

According to Lenovo literature, Lenovo Security Technologies has been operating in Asia since 2001, building a series of products such as UTM (unified threat management) appliances, firewalls and VPNs. The KingGuard security gateway was launched in 2008, providing deep packet inspection, protocol analysis, traffic management and load balancing, and incident logging with up to 20G-bps throughput.

"KingGuard applies several innovative technologies like unique matrix parallel processing and dynamic load balancing multicore CPU to improve security network processing capabilities and reliability of the whole system," reads product literature.

In the United States, Lenovo is mostly focused improving the embedded security in its ThinkPad notebooks. But Stacy Cannady, product manager for security at Lenovo, says Lenovo is experimenting with several technologies and potential products that may eventually find their way to the U.S. market. Cannady equates it to concept vehicles that auto manufacturers roll out at car shows—"Sometimes the products make into production; sometimes they don't."

While much of Lenovo's security attention is devoted to hardening and protecting its personal computers, the company that IBM sold its PC business to in 2004 is showing signs of establishing a bigger presence in the security market.

Lenovo recently unveiled Hardware Password Manager, a server-based enterprise solution for managing and recovering passwords used for client-side full-disk encryption. Lenovo has supported full-disk encryption since May 2007 when Seagate Technology released its self-encryption hard drives. Capabilities for interacting with Hardware Password Manager are included in the newer ThinkPad and ThinkCentre PCs with Intel's dual-core Centrino 2 chip set, and will be included in ThinkPad and M-series desktops in the future.

The Hardware Password Manager is designed to allow IT security administrators to manage scores of ThinkPads, encrypt drives and provide a mechanism for recovering lost credentials.

"Customers love the idea of self-encryption, but they're not going to deploy it unless they can manage it," Cannady said.

Lenovo's security strategy is following a well-worn development path, in which innovation often begins in software, migrates to firmware and eventually graduates to become a hardware solution. Cannady says the same migration path is what led to multifactor authentication that in turn led to Lenovo including a built-in fingerprint scanner for biometric authentication to replace or strengthen password log-ins.

Given Lenovo's focus on making its devices more secure, its criteria for the development of new security products and features are: protecting data residing on PCs, protecting enterprises from PCs that have been compromised and guarding against theft devices.

Lenovo recently launched a new product that allows users to disable a PC with a cell phone text message should it be lost or stolen. The service is more of a consumer offering today since there's no management system that will enable an enterprise to manage lockouts and recovery of stolen assets. Cannady says Lenovo is working on that management capability, which will eventually bring the theft protection service to the enterprise.

"Going forward, we have to ensure that when we add a new security feature that we have an ability to manage it," Cannady says.

By embedding security features such as fingerprint biometric authentication, full-disk encryption and remote disabling functions in its PCs, Lenovo aims to create a strong competitive differentiator to help solution providers sell its products and business consumers justify the spending on its PCs.

Innovations in manageability of embedded security measures may lead to the creation of external security measures or the importation of existing security appliances into the U.S. market. For now, Cannady says Lenovo—in the United States—is firmly focused on embedded security rather than network appliances.

"Usability of a technology is very important to its success," he says. "Just pasting it on won't make it a success."