Thursday, June 25th 2020

Lenovo Introduces New Factory Services for Expanded Portfolio of Windows Secured-core PCs

Lenovo today announced a significant expansion of Secured-core PCs within its ThinkShield portfolio. In addition to offering a wider selection of these devices, Lenovo also introduced its new Secured-core PC Enablement Service to support customers with custom imaging, BIOS protection, and configuration of operating system settings. Designed to simplify and further secure the deployment of these devices within an organization, this new factory service can be purchased as an add-on to the device.

Integrating hardware, firmware, software and identity protection, Windows 10 Secured-core PCs offer a deeper level of protection against highly advanced threats and increasing risks of cyberattacks and malware. Since their introduction in October 2019, Lenovo has offered two devices that are capable of being ordered as Secured-core PCs, the ThinkPad X1 Yoga Gen 4 and the ThinkPad X1 Carbon Gen 7. As part of the recent Secured-core PC portfolio expansion, Lenovo will now offer ten additional devices: the ThinkPad X1 Carbon Gen 8, ThinkPad X1 Yoga Gen 5, ThinkPad X13, ThinkPad X13 Yoga, ThinkPad T14s, ThinkPad T14, ThinkPad T15, ThinkPad P1 Gen 3, ThinkPad P14s and ThinkPad P15s premium laptops. These Modern Standby enabled laptops focus on providing a smarter and more secure working experience and feature several innovations to empower remote workers. Emerging technologies including PrivacyGuard, WiFi 6 and up to CAT 16 WWAN can be invaluable in meeting the needs and desires of remote workers.
Services Designed to Strengthen Security & Facilitate Deployment
While Secured-core PCs have the related security features enabled at the time of purchase, IT departments have traditionally had to complete additional time-intensive tasks in order to set-up the new Secured-core PC upon receipt. These steps can include installing custom images, operating system configuration and manual password setup in order to protect BIOS settings, actions that would have to be performed on each new device.

Through the new Secured-core PC Enablement Service provided by Lenovo Services, Secured-core PC BIOS settings can be loaded at the factory with BIOS passwords set, as defined by the customer. This not only prevents tampering during shipment, but also keeps end users from being able to change the BIOS settings. Additionally, Lenovo can configure all of the required Secured-core PC Windows operating system settings on behalf of the customer. By selecting this service, companies can have the confidence that their device's BIOS and operating system security features are set and shipped ready to deploy consistently across the entire fleet, requiring no additional configuration by an IT admin.

"Now more than ever, our customers are looking to us for ways to add additional layers of security while also supporting workforce productivity. With Lenovo's Secured-core PC Enablement Service, we are able to give customers greater confidence that their Secured-core PC has been configured correctly, the peace of mind that it will be better protected during shipment and the ability to get their employees up and running faster with their new device, wherever they may be," says Rebecca Achariyakosol, Executive Director, Global Services Product Development and Marketing of the Intelligent Devices Group at Lenovo.

Availability
Lenovo's new portfolio of secured-core PCs will be available worldwide from June 2020.
Add your own comment

9 Comments on Lenovo Introduces New Factory Services for Expanded Portfolio of Windows Secured-core PCs

#1
lexluthermiester
btarunr
Windows Secured-core PCs
There's a contradiction in terms..
Posted on Reply
#2
Easo
lexluthermiester
There's a contradiction in terms..
Not really unless you are into conspiracy theories.
Posted on Reply
#3
altcapwn
It's just Lenovo portable systems with an AMD CPU :laugh:.

For real, I'm curious to see this product IRL from a sysadmin perspective.
I guess it's a UEFI packed with additional features. But for those features to be active in Windows, do we need to install a load of bloatware? Is it really more secure, or it's just like Intel Management Engine?

Is it like a server BIOS-IMM? Does it requires licensing over time?

I guess I have stuff to go read.
Posted on Reply
#5
lexluthermiester
Easo
Not really unless you are into conspiracy theories.
Or have a great deal of real world experience. Seriously, one of my employees challenged me to setup Windows as secure as I could get it and right in front of us he hacked into that machine with an OG Motorola Droid, rendering it unbootable. Granted, that was Windows 8.1 a few years ago and he did not succeed with Windows 7. I have no doubt that someone with the right know-how could make short work of Windows 10.
Posted on Reply
#6
zlobby
Emerging technologies? HP had this since years.
Posted on Reply
#7
R0H1T
remixedcat
intelME on steroids or meth?
Pfft that's so 2k, we have Fentanyl now :pimp:
Posted on Reply
#8
R-T-B
lexluthermiester
Or have a great deal of real world experience. Seriously, one of my employees challenged me to setup Windows as secure as I could get it and right in front of us he hacked into that machine with an OG Motorola Droid, rendering it unbootable. Granted, that was Windows 8.1 a few years ago and he did not succeed with Windows 7. I have no doubt that someone with the right know-how could make short work of Windows 10.
I have more doubts with 7 now than 10. So many unpatched open bugs left with 7.

Really, Windows is easy to hack if your on the same LAN. That's how it's almost designed, really.
Posted on Reply
#9
lexluthermiester
R-T-B
So many unpatched open bugs left with 7.
Not that a solid firewall config can't solve, if you meant vulnerabilities. But yeah that was a few years ago.
R-T-B
Really, Windows is easy to hack if your on the same LAN. That's how it's almost designed, really.
That was the impressive part, he wasn't.
Posted on Reply