Laptop Security on the Cheap

Papa Gino’s Holdings Corp., which operates pizzerias and sandwich shops under the Papa Gino’s and D’Angelo Grilled Sandwiches brands, wanted to lock down data on scores of laptops and PCs housed in corporate offices and scattered across 200 of its company-owned eateries. Chris Cahalin, manager of network operations at the Dedham, Mass., organization, which both runs restaurants and offers franchises for others, found the solution in silicon: the Trusted Platform Module chip.

Trusted Platform Module, also known as TPM, generates and stores encryption keys, and also houses passwords and digital certificates. The chip typically resides on a PC’s motherboard. The Beaverton, Ore.-based Trusted Computing Group, which develops open standards for hardware-based security, developed the specification for the chip. Many hardware vendors embed the chip in at least some of their PC products.

At Papa Gino’s Holdings, which has an estimated annual revenue of $270 million, the chips come with every Dell desktop and laptop the company buys; the chip’s encryption helps protect restaurant, employee and customer data.

Cahalin employs Wave Systems’ Embassy Trust Suite software in conjunction with TPM to enable pre-boot authentication. With pre-boot authentication, a Papa Gino’s employee must swipe a finger on a biometric scanner before his or her PC or laptop will boot. The scanners are built into laptop models, while PCs use a USB biometric device. This security approach is designed to prevent unauthorized users from accessing data.

Cahalin recently discussed his security strategy with Baselinecontributing writer John Moore.

Next page: Built-In Security