SOLUTION BRIEF

Intel® Remote Secure Erase

intel

Repurposing a PC Made Easy

Enterprise Client Technology SoLutions Secure Computing

Providing IT administrators a secure method for remotely sanitizing an lntel® Solid State Drivefrom a familiar management console when retiring or repurposing a system.

Advance your security and lower your total cost of ownership.

Executive Summary

When a PC is retired or repurposed, information security policies often require data be "sanitized" from the drive, which can be difficult, time consuming, and costly if outsourced to a third party. Intel® Remote Secure Erase can provide a solution to all of these issues.

An lntel® Remote Secure Erase-based so.ution provides the IT administrator a way to sanitize all data, allowing for imrnedia.e reuse of the solid state drive (SSO), while saving significant administrative time anti costs. What makes Intel Remote Secure Erase a unique solution is its ability to more securely sanitize the SSO independent of a functioning operating system (OS) while fully integrated with a familiar IT management console.

Choosing the Intel Remote Secure Erase solution reduces costs and allows for reinvesting IT time in higher priorities.

Security at a Cost

Today's secure erase capabilities effectively sanitize the SSD, but potentially at a high cost and with some challenges, The method of initiating the erase varies by platform. In some cases it requires the difficult and time-consuming task of removing the drive from the system by the IT administrator. In some cases it makes more sense to outsource the operation to a 3rd party. These options are time consuming and costly to IT administrators.

If confidential data such as customer or employee information, financial data, or trade secrets are lost, it may have a large financial impact, in addition to the possibility of losing customer trust and brand value. When integrated into your Intel® Active Management Technology (AMT) console.Jntel Remote Secure Erase provides a standard method of sanitizing the drive and allows the secure erase to be completed on a local or remote network-connected system. intel


Use Case

More securely and remotely erase data within seconds

The main usage of this technology is within a corporate environment which has the requirement to sanitize data when repurposing or retiring a PC system. Intel Remote Secure Erase saves time and money while meeting information security policies.

With this solution, if an employee leaves a job, is terminated, or is moving to a new PC, IT is able to initiate a remote secure erase to sanitize the SSD, eliminating the need to remove or shred it. This solution also allows a drive to be erased prior to shipping to another location, thus elimi- n.ating risk of data being lost or stolen during transit.

Many IT administrative departments outsource the tedious task of erasing the SSD due to the time, resources, and manual effort required to complete the operation. As a result. the process can be quite costly. With Intel Remote Secure Erase, our solution is IT friendly, provid- ing an efficient approach to the process of repurposing, that also integrates well into the IT environment resource and costs constraints.

Intel Remote Secure Erase functions in- dependently of power state, as state, or management agent, thus allowing for IT administrators to complete the required erase in different scenarios.

Intel® Remote Secure Erase Leverages Intel® vPro Technology to Initiate the Secure Erase Operation

Intel® vPro Technology - part of the latest generation of Intel vPro processors is a combination of processor technologies, hardware enhancements, management features, and security technologies that allow remote access to the PC including monitoring, maintenance, and management independent of the PC's OS or power state.

One of the many useful features included is Intel® Active Management Technology (Intel AMT). Intel AMT enables better remote management of PCs by:

  • Providing full control of the power state of the entire managed fleet.
  • Reducing costly desk-side support visits and it speeds up diagnosis and repair times.
  • Enabling remote out-of-band management of wired and wireless PCs, even when the OS is non-functional.
  • Allowing service Desk Agents to remotely manage PCs using a management console.
intel

Figure 2: Simplified Architectural View
1Intel Solid State Drive Professional Family, compatible PC and management software with an Intel AMT activated environment are required.

    SIMPLE 2-STEP PROCESS TO INITITATE

  1. Select target System(s)
  2. Send "remote secure erase" command
  3. What happens behind the scenes

  4. Intel® AMT management console locates target system(s) by means of the internet / intranet
  5. Command recieved on vPro equipped system
  6. Intel® AMT passes command to Bios
  7. Bios sends secure erase command to SSD
  8. Data is erased and encryption key is deleted
  9. BIOS confirms completion status to remote console

Solution Architecture

When Intel Remote Secure Erase is executed, the drive's controller sanitizes all existing data, and the encryption key is destroyed thus no data is recoverable. It effectively wipes all data within seconds-independently of power state, OS state or management agent-while providing an authenticated, logged action.

To implement Intel Remote Secure Erase within your environment you will need:

  1. Compatible 6th Generation Intel® vPro platform with Intel AMT activated.
  2. lntel® SSD Professional Family (Intel" SSD Pro 1500 Series, lntel® SSD Pro 2500 Series and beyond). The Intel® SSD Professional Family is designed for IT administrators and corporate end users, with enterprise-ready security and manageability support on lntel® Core vPro processor-based devices.
  3. Compatible client management console; triggers Intel Remote Secure Erase
  4. ATA security enabled on the SSD. If Opal is activated, you must first revert the security state.

Summary

An Intel Remote Secure Erase-based solution saves end customers the cost and risk of manual drive erase processes because it can initiate a secure erase for repurposing a PC with a common tool, while meeting strict data security and privacy rules.

For more information about Intel® Remote Secure Erase visit www.intel.com/ssd

intel

Intel technologies features and benefits depend on system configuration and may require enabled hardware, software or service activation. learn more at Intet.com, or from the OEM or retailer. No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. Intel" vpro" Technology is sophisticated and requires setup and activation. Availability of features and results will depend upon the setup and configuration of your hardware, software, and IT environment. To learn more, visit ww,w,inteLcom/technology/vpro. Requires activation and a system with a corporate network connection, an Intel- At-1T-enabled chipset, and network hardware and software. For notebooks, Intel AMT may be unavailable or limited over a host OS-based VPN, when' connecting wirelessly, on battery power, sleeping, hibernating, or powered off. Results dependent upon hardware, setup, and configuration. For more information, visit www.intel.com/content/www/us/en/ architecture-and-technology/intel-active-managementtechnology.html. Cost reduction scenarios described are intended as examples of how a given Intel-based product, in the spectfted circumstances and configurations, may affect future costs and provide cost savings. Circumstances will vary. Intel does not guarantee any costs or cost reduction. Software and workloads used in performance tests may have been optimized for performance onlyon Intel microprocessors. Performance tests, such as SYSmark and MoblleMark, are measured usmg soeonc computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should coosou other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more . comple~e information visit http://www.intel.com/performance. . The products descnbed may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Intel does not control or audit third-party benchmark data or the web sites referenced in this document. You should visit the referenced web site and confirm whether ~eferenced data are accurate. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade, Copyright@2016 Intel Corporation. All rights reserved. Intel, the Intel logo, Intel Remote Secure Erase,lntel Active Management Technology, Intel vpro" Technology, Intel Core'" vpro", lntel Solld State Drive Profes- sional Family, Intel SSD Pro 1500 Series, Intel SSD Pro 2500 Series are trademarks of Intel Corporation in the u.S. and/or other countries. ·Other names and brands may be claimed as the property of others. Printed in USA 0216/ML/ra ~j Please Recycle 333956-001 US