Foundational Engineering: Security Legacy Meets User-Centered Design

Nowadays, there are two types of companies: those that have experienced security breaches, and those that don’t know they have. In our highly interconnected world, there are serious security threats everywhere – stolen devices, data theft, ransomware, transaction fraud, software vulnerabilities, cloud hacks – the list goes on and on.

At Lenovo, security is in our DNA and is essential in every step of the product life cycle. ThinkPad integrated a security subsystem as far back as 2002 and the first to add fingerprint reader authentication in 2004. Building on the rich heritage of delivering cutting-edge security solutions like fingerprint technology and applying design thinking with the end user in mind, the engineering of the latest Lenovo ThinkPad X1 products strikes a fine balance between manageability and usability with zero compromise on security.

“The ramifications of a security breach extend beyond the immediate financial impact.  The erosion of stakeholder trust, damage to brand, the potential loss of intellectual property and regulatory impact are some of the considerations that organizations must keep in mind as the threat landscape continues to evolve on a daily basis.  This new paradigm shift means detection and remediation are vital,” says Nima Baiati, Global Director and GM of Lenovo Cybersecurity Solutions.

The erosion of stakeholder trust, damage to brand, the potential loss of intellectual property and regulatory impact are some of the considerations that organizations must keep in mind as the threat landscape continues to evolve on a daily basis.

A 360° Approach to Security

Lenovo announced ThinkShield in 2018, a comprehensive suite of security solutions designed to protect the entire product lifespan. By securing devices right from the manufacturing and supply chain, ThinkShield ensures that the devices aren’t infected or compromised before they’re even turned on.

We oversee the security of suppliers who build intelligent components, making sure they conform to their policies and guidelines. On top of that, we work with Intel to align with its Transparent Supply Chain, allowing customers to validate the integrity of each component of their new system.

ThinkPad X1 are also designed with deep integration between hardware and software and feature the most advanced CPUs available. Windows 10 Secured-core PCs are intended to handle mission-critical data in some of the most data-sensitive industries.

A ThinkPad X1 Secured-core PC is a modern Windows device that comes with the highest level of hardware, software and identity protection ready right out-of-the-box.

David Weston, partner director, OS security at Microsoft, says, “Businesses are facing increased risk as adversaries become more sophisticated and targeted in their attacks. In this elevated threat landscape, an integrated hardware and software approach to protection is essential. Secured-core PCs are designed to prevent these kinds of targeted firmware attacks rather than simply detecting them.”

Secured-core PCs are designed to prevent these kinds of targeted firmware attacks rather than simply detecting them.

Backed by deep expertise and supported by a global network of trained and certified technical service professionals, Lenovo applies the “security by design” concept in everything we do.

Given the growing complexity of networks and the increasing sophistication of security threats, ThinkShield provides four pillars of protection encompassing device, data, identity and online solutions. From Privacy Guard, ThinkShutter, “Keep Your Drive” Service, USB Secure Hard Drive to Secure Docking, FIDO (Fast Identity Online), Match-on-Chip Fingerprint Reader and Bufferzone, to name but a few solutions, the goal is to have organizations and users shielded from every angle.

ThinkShutter Match on Print Fingerprint Reader

Deliver Peace of Mind for Organizations 

Regardless of size or stage of development, organizations today share one common challenge: IT security teams are understaffed and stretched.

The number of cyberattacks is rising every day, and hackers and malicious insiders are constantly developing new and creative ways to expose vulnerabilities – not to mention the growing number of email phishing attacks, or the lack of structural support to foster a security-oriented corporate culture.

According to Gartner, the shortage of skilled security professionals has been a perennial problem that consistently results in failed security technology deployments, and we’ve seen data breach incidents that ended up costing CIO or CEOs’ jobs.  How do you elevate your company’s security with limited resources and find peace of mind? One way is to turn to technology providers you can trust to outsmart the challenges.

That’s why we developed a range of new security and manageability enhancements for BIOS (Basic Input-Output System), the pre-installed firmware and the first software to run when a computer is powered on. We built them into the latest ThinkPad X1 to make it easier for businesses to implement security on a fundamental level.

Let’s take Remote Supervisor Password Setting as an example. BIOS passwords have become critical due to Windows 10 adoption and VBS (Virtualization-based Security) features. Traditionally, ThinkPad systems have not supported setting a supervisor password remotely in order to prevent DOS (Denial of Service) attacks, and that requires someone to physically manage the process.

The new Remote Supervisor Password Setting allows IT administrators to leverage Absolute Persistence 2.0 secure communication framework to set a supervisor password without physical presence, enabling them to deploy thousands of ThinkPad laptops remotely and securely, without the need to physically be at each one.

Another example of the new security features is a self-healing BIOS. When BIOS is corrupted or maliciously attacked, the BIOS will “self-heal” and revert to known good backup copy. This prevents hackers from infiltrating the lowest level firmware code on the device and provides IT teams and users with a resilient BIOS which results in less down time.

In addition, we added ThinkShield Secure Wipe into BIOS which reliably deletes all data from a drive without the need for external tools, meaning IT security teams can now completely wipe off sensitive data on hard drives securely, quickly and effortlessly.

Improve Employee Experience

Who has time to think about cybersecurity when you have two conference calls and a report due while rushing out to pick up the kids? The ThinkPad X1 series is designed by engineers that live and breathe the philosophy of “Foundational Engineering” when creating new devices and features at Lenovo.

We ensure our products adapt to our users’ busy lives and are engineered to deliver smart, convenient and reliable benefits. Building on a legacy of over three decades of delivering secure IT products, solutions and services to consumers and customers across the world, the team puts the experience of end users first with key features and innovations within the ThinkPad X1 series.

Baiati puts this into perspective. “The end-user experience extends beyond traditional senses of look, feel and sound. People want to feel safe when using technology and this emotional state is non-negotiable. Fear of virus infections, hacking and identity theft is real, and we will continue to do everything we can to fight cyber-threats. We created ThinkShield as an innovative portfolio of cutting-edge security solutions to keep you protected.”

ThinkShutter is proof of how ThinkPad engineers have brought a necessary innovation to life for users. Post-its, tape, a fancy webcam cover – people have explored all sorts of things to cover up their webcam – until we introduced ThinkShutter – making ThinkPad the world’s first business laptop with built-in webcam shutter.

A tiny sliding cover that sits next to the webcam at the top of the device, it can be moved to the side when you want to make a Skype call or record a video, then slid back when you are not using the camera to protect your privacy.

Another example is PrivacyGuard, a built-in screen filter that prevents shoulder surfing with gaze and presence detection. The feature uses an IR camera to detect if someone is behind you, enabling privacy alerts.

It also has the ability to darken the display and make it only viewable to you if you are sitting directly in front of the laptop. Need to work on a confidential document in a coffee shop or on a plane? PrivacyGuard will come in handy.

PrivacyGuard
PrivacyGuard is a built-in screen filter that prevents shoulder surfing with gaze and presence detection.

If you’ve ever wondered how to protect your identity without using passwords that are hard to remember or easy to hack, ThinkPad X1 has got you covered.

ThinkShield provides multiple factors of authentication, many of which are supported by Intel Authenticate. Furthermore, Lenovo is the first vendor to integrate FIDO-certified authenticators directly into Microsoft Windows PCs.

FIDO authenticates identities on sites like PayPal, Google, and Dropbox using secure fingerprint technology, and it’s also a highly secure and private way for employees to use their fingerprints as a second factor when they log into corporate networks and other connected business resources.

Our match-on-chip fingerprint reader uses cutting-edge Synaptics technology to perform authentication completely in the reader. Additionally, we incorporated a robust anti-spoofing algorithm called Quantum Matcher based on image analysis with machine learning to greatly reduce the probability of successful spoofing attacks.

All in all, these features require minimal effort from the employees, all while enhancing the level of security – helping to create a positive experience for end users and IT security teams in the organizations. Empowered with the right technologies and ThinkShield solutions, teams can focus on increasing productivity and driving innovations, which will eventually help improve the bottom line.

When Lenovo’s security legacy meets user-centered design, we are proud to see our concept of “Foundational Engineering” are helping organizations and individuals with more than technologies.

[ssba]

MWC 2024

Experience breakthrough technology solutions and see how we're transforming, connecting, and empowering the world with AI for all.

Join us Feb. 26-29
Don't Miss StoryHub Updates: