News

Wave Outlines Windows 8 Mobile Device Management Alternative

• By Kurt Mackie
• 02/14/2013

The built-in security capabilities of Windows 8 devices could simplify matters for IT organizations that are considering bring-your-own-device (BYOD) scenarios.

At least that's the view of Wave Systems Corp., an independent software vendor and board member of the Trusted Computing Group. The Lee, Mass.-based company is on the brink of rolling out its new "Wave mobility solution" for Windows 8 Pro devices, although it currently offers a fully baked solution for Windows 7 machines that can be tested today. In an announcement issued this week, Wave is suggesting that its solutions can replace the need for having a mobile device management (MDM) solution in place to handle the complexities of BYOD.

To hear Wave tell it, the Windows 7 or Windows 8 device itself can act as a security token. The Trusted Platform Module (TPM), which is a chip soldered into the device's motherboard, stores user credential information. Mobile device users enter a single PIN to connect to corporate network resources, which avoids having to enter multiple passwords for access. On the back end, Microsoft's Active Directory can be used to manage the security certificates and even disable a device remotely should it get lost.

Such management capabilities are possible for devices that have the TPMs, according to Brian Berger, executive vice president at Wave Systems.

"We know with all commercial PCs -- notebooks, desktops and ultrabooks on the commercial side of the business user models -- that they are shipping with TPMs," Berger said in a phone interview. "Both [Windows] RT and Windows [8] Pro tablets have TPM technology built in as well."

Wave works with about 3,500 enterprises that use its solutions. Those organizations that have given feedback to Wave about BYOD management have indicated that they want tablets that can run Windows and Office. They want the consumer experience, while also maintaining enterprise control, Berger said.

"We've taken the approach that we've always done with enterprise-class PCs and brought it to the mobility side and said, 'We can do this on these tablets for you, and give your users that mobility experience of having slates or tablets or convertibles or hybrids that run full Windows, that run Microsoft Office, and give you that compliance and manageability that you've always asked for in the infrastructure you already own -- Active Directory, Server 2010 or 2008 -- and not have to buy a third-party MDM solution'."

The security can be enhanced by including a fingerprint scanner on the device. In addition, Wave offers a way to measure platform-state changes through endpoint monitoring, which will alert IT pros of potential security issues. The endpoint monitoring solution checks for changes to a device's master boot record or changes to the BIOS. Another security technology offered by Wave is self-encrypting drives based on the Trusted Computing Group's Opal standard, although organizations can also use Microsoft's BitLocker drive encryption.

The forthcoming Wave mobility solution for Windows 8 Pro machines likely will be available in the next 30 to 40 days or so, according to Berger. This product, which could get a future name change, is presently undergoing testing with some of Wave's customers.