moves the confidential data to the personal secure drive. The warehouse manager can enter a
password and access the confidential data just like another hard drive. When he logs off or reboots
the personal secure drive, it cannot be seen or opened without the proper password. The workers
never see the confidential data when they access the computer.
Embedded Security protects encryption keys within a hardware TPM (Trusted Platform Module) chip
located on the system board. It is the only encryption tool that meets the minimum requirements to
resist password attacks where someone would attempt to guess the decryption password. Embedded
Security can also encrypt the entire drive and email.
Example 2: A stock broker wants to transport extremely sensitive data to another computer using a
portable drive. She wants to make sure that only these two computers can open the drive, even if the
password is compromised. The stock broker uses Embedded Security TPM migration to allow a
second computer to have the necessary encryption keys to decrypt the data. During the transport
process, even with the password, only the two physical computers can decrypt the data.
Drive Encryption for HP ProtectTools (select models only)
Drive Encryption is used to restrict access to the data on the entire computer hard drive or a
secondary drive. Drive Encryption can also manage self-encrypting drives.
Example 1: A doctor wants to make sure only he can access any data on his computer hard drive.
The doctor activates Drive Encryption, which requires pre-boot authentication before Windows login.
Once set up, the hard drive cannot be accessed without a password before the operating system
starts. The doctor could further enhance drive security by choosing to encrypt the data with the self-
encrypting drive option.
Both Embedded Security for HP ProtectTools and Drive Encryption for HP ProtectTools do not allow
access to the encrypted data even when the drive is removed, because they are both bound to the
original system board.
Example 2: A hospital administrator wants to ensure only doctors and authorized personnel can
access any data on their local computer without sharing their personal passwords. The IT department
adds the administrator, doctors, and all authorized personnel as Drive Encryption users. Now only
authorized personnel can boot the computer or domain using their personal user name and
password.
File Sanitizer for HP ProtectTools (select models only)
File Sanitizer for HP ProtectTools is used to permanently delete data, including Internet browser
activity, temporary files, previously deleted data, or any other information. File Sanitizer can be
configured to run either manually or automatically on a user-defined schedule.
Example 1: An attorney often deals with sensitive client information and wants to ensure that data in
deleted files cannot be recovered. The Attorney uses File Sanitizer to “shred” deleted files so it is
virtually impossible to recover.
Normally when Windows deletes data, it does not actually erase the data from the hard drive. Instead,
it marks the hard drive sectors as available for future use. Until the data is written over, it can be
easily recovered using common tools available on the Internet. File Sanitizer overwrites the sectors
with random data (multiple times when necessary), thereby making the deleted data unreadable and
unrecoverable.
Example 2: A researcher wants to shred deleted data, temporary files, browser activity, and so on
automatically when she logs off. She uses File Sanitizer to schedule “shredding” so she can select
the common files or any custom files to be permanently removed automatically.
HP ProtectTools security product description and common use examples 5