Security, Manageability, and Multi Tasking in the Age of Remote Work: Interview With Intel’s Stephanie Hallford
Security, Manageability, and Multi-Tasking in the Age of Remote Work: Interview With Intel’s Stephanie Hallford
With everyone forced to adapt to a new world, we asked Intel how it sees the future of business PCs.
By Jamshed Avari | Updated: 20 January 2021 13:05 IST
Stephanie Hallford, VP and GM of Business Client Platforms, Intel
The pandemic period has shown how important PCs are in our lives
New security protections are needed to address emerging types of threats
Several brands announced 11th Gen vPro laptops at CES 2021
Along with new processors for gaming laptops, self-driving car tech, and previews of next-gen architectures, Intel used its presence at CES 2021 to launch the 11th Gen vPro platform for a new wave of business laptops. What sets vPro-enabled PCs apart from ordinary ones is additional validated hardware and software for security, reliability, and remote management which includes deployment and serviceability in large-scale business environments. Over 60 new vPro-enabled laptops are set to launch in 2021, taking advantage of these features, plus the performance, graphics, AI, and battery life improvements of the underlying 11th Gen ‘Tiger Lake' CPU architecture. Some of these laptops will be ultraportables developed under intel's Evo initiative, which has its own set of requirements in terms of performance and design.
Gadgets 360 was able to catch up with Stephanie Hallford, Vice President and General Manager of Business Client Platforms, Client Computing Group at Intel, to talk about what makes business PCs different, and how the past year has changed the way we talk about productivity and what workers as well as managers should know about the 11th Gen vPro platform.
Gadgets 360: So what's new with vPro and business PCs from Intel at CES 2021?
Hallford: What we are able to bring out this year is a real leap forward in our security and remote manageability capabilities, which have proven to be really timely with the pandemic and the realities of remote work... We're all now experiencing what it's like to be on Office 365 using Teams; you've got your background blur on, you're doing some video editing on your own. What we're finding is [with] the 11th Gen platform, the performance of the graphics, and the AI acceleration, that's allowed us to get over a 20 percent improvement in productivity in that real-life setting over the competition… We're redefining compute to be broader than just the CPU. Really, compute is brought out by many of these platform features that are allowing the experience and the security and the manageability to come forth.
The 11th Gen vPro platform promises all the capabilities of the 'Tiger Lake' CPU architecture
Gadgets 360: How does vPro matter to everyday workers, and what's new in terms of business requirements with the 11th Gen?
Hallford: We've been really focusing less on just the benchmarks, [and more on] how workers like ourselves really live. What do we do during the day, and how is that experience realistically measured? Collaboration and content creation are things that employees require right now, in fact, more than ever before.
Hardware Shield is a requirement in our vPro stack. Stepping back, it's sort of three levels of hardware-based security. One is below the OS – these are things that we've been doing to protect the BIOS and the firmware layer that's beneath the OS. Secondarily, it's working with OS vendors to have app and data protection; things like CET (Control Flow Enforcement Technology).
We invented [CET] and work with Microsoft to enable it. This essentially allows us to prevent an entire class of attacks, which is Control Flow Attacks. In a demo [shown during the Intel CES keynote] I show both an AMD system and an Intel system, and we've written code to hide a malware attack in a typical website. In the competitive system, we click on it and the attack goes undetected. In the Intel system, we click on the same hidden malware and you can see the CET technology recognise the attack, shut it down, and protect the machine.
And then [in the third layer] above the OS, we introduced a new capability which is called TDT, or Threat Detection Technology. This works with hardware-based intelligence that enables [client security software] to detect ransomware and crypto mining. As you know, ransomware has really been a problem, even in hospitals and schools in this recent pandemic period. In the instance of a ransomware attack, the Intel system is able to detect the attack, and then we offload the compute requirements to the GPU, so that the CPU can continue to drive forefront needs and keep up with productivity and the other things. It's security without the productivity hit. We're [also acknowledging] that protection is much stronger when it's a combination of software and hardware.
Gadgets 360: Are there any specific new kinds of security threats that you've become aware of that crop up just because of this change in circumstance and change in people's behaviours?
Hallford: I think that attackers are always staying one step ahead, so our key is to stay two steps ahead. I would say every year there's new types of attacks. You know the Control Flow Attack is one that has really risen in recent years because attackers are saying ‘OK, if the OS is harder to get into, how do we get around it? How do we do more BIOS layer and firmware layer attacks?' So any surface area is ripe for attack now.
Gadgets 360: Before Tiger Lake was launched, there was talk of total memory encryption. Is that playing into all of this?
Hallford: Yeah, we also announced total memory encryption, and that's protection for additional surface area in the memory from attack; that is also included in our 11th Gen platform.
Hardware Shield works on multiple levels to mitigate security threats
Gadgets 360: Coming to the whole pandemic situation, what has really changed for you, and what do you think the biggest things are that you've learned that will change your roadmaps going forward?
Hallford: While we would never have predicted it – no one would have – what we have found is that some of the technologies we had been working on proved to be absolutely timely. We had been working on making our AMT (Advanced Management Technology) easier to implement and less complicated, being able to implement it through the cloud, and making it mobile-friendly. We had launched our new tool EMA (Endpoint Management Assistant)… [and] the ability for service providers or IT departments to be able to reach PC's remotely, obviously that was perfect timing.
Another area that I think we had called correctly was the need to work with system integrators and solution providers to bring that capability forward. In India we work closely with HCL, Wipro and TCS. The former two I think have already integrated EMA into their solution, so they are able to manage those thousands of companies that they manage worldwide; they're able to reach systems remotely; patch systems remotely; keep them secure or just simply monitor them.
I would say the security and the ability to stay ahead of an increasingly robust group of cyber attackers are two areas that have proven to be very valuable, so we will continue to invest in that arena. I think we will continue to drive hardware-based security and you'll see us continue to put a lot of focus on that in our future roadmaps too.
We [also] announced Wi-Fi 6E [on vPro] which is a huge leap in wireless technology. It's the greatest leap in Wi-Fi in the last 20 years, and our ecosystems are the first ones to be equipped with that. We understand now that connectivity is more important than ever, and so you'll see us continuing to invest in Wi-Fi and connectivity improvements and solutions in our roadmap.
The other area that I would say we are continuing to invest in is what sort of telemetry we can pull out from our systems and our hardware to help drive better experiences for IT managers. Ideally, that intelligence is both proactive and predictive, allowing them to understand where their network blockages are. Can we go in and help IT providers check their systems? Are their drivers updated? Where are they on the network? What devices are failing and where are they having bottlenecks? Can we even potentially patch earlier? Those are some of the things we're looking at now.
Gadgets 360: Is that new, being able to collect that kind of telemetry and analyze it?
Hallford: We've had capabilities internally, with consumer systems, [where] we were collecting for instance battery life issues or Wi-Fi issues, and then [developing] the capability then to send out a Wi-Fi driver update. As we're building some of these capabilities into our business systems, [we're] thinking about how do we go beyond just a fix. Can we actually extend the capability if we've got the insight; can we help remediate?
You'll see more innovation in that area as we figure out how to utilise the intelligence that we do have. But in this new world, there are a lot of privacy concerns; you gotta tread lightly into [telemetry] and you've got to make sure that you're not extracting information that isn't agreed to by the user, so there's complexity in implementing that. There's legalities and privacy concerns too.
Gadgets 360: How is vPro adapting to new needs that system administrators might have with so many people working remotely? How do they help end users who might not be very tech-savvy and know that any of this is happening in the background?
Hallford: I think it's been a real learning curve for a lot of IT departments that had never really managed a remote workforce. I think it took [a while] and was definitely disruptive. How did they get systems to their users with as little touch as possible? I think many of them had a slower rollouts and productivity was definitely impacted, but most of them figured out how best to do that. A lot of companies would create mini hubs around the world where they would have small IT departments build the image, test the machines, and then ship them out. This was done cheaper and faster than perhaps they had done before. So there have been some innovations on that front. Obviously, completely touch-free IT builds are the desire, and that's complex, but we're certainly working with our partners to do that.
Intel Evo-certified ultraportable laptops will also be available with vPro enabled
Gadgets 360: A lot of people were caught unawares by sudden lockdowns, and had to snap up whatever computers they could buy or use their home machines, which aren't vPro-enabled. How do all of those get integrated into a secure corporate system? Do you have any way to bring them into the fold and to help IT staff manage their security?
Hallford: Well, in those kinds of cases, if they don't have the built-in vPro hardware security features, it's really more of a software-only solution that many of the businesses will implement. While many of those are very good, the issue that most of our end-user companies complain of is the hit on productivity and the weighing down on performance when you start loading up all these software security agents. It really drags down the systems and the network, particularly if you are on a VPN because you need to be on the trusted network.
I think what we're finding is there's a lack of satisfaction with the experience that's provided. When they're trying to work with Zoom and Skype and Teams and WebEx, and all of the video collaboration tools, the hit on performance and even on battery life is substantial.
Gadgets 360: So isn't it time then for vPro to become a default feature of all Intel CPUs? Maybe vendors can enable certain things with firmware depending on whatever a user needs, but hasn't this past year shown us that there's really no need for hardware segmentation?
Hallford: Well, yes and no. I agree that security is necessary up and down the stack, and we do put some of our capabilities into our full lineup, but there are some that businesses are more interested in and more capable of supporting than what's needed in a consumer lineup. We do believe security comes first and foremost, but I think what businesses require is slightly different than what you may need If you're really [spending] most of the day on TikTok or YouTube, or just emailing.
Gadgets 360: Everybody could benefit from ransomware and cryptomining malware detection, though. Do these things stay exclusive to vPro-enabled systems or do they eventually migrate to just being capabilities of Intel processors?
Hallford: Traditionally we take a waterfall approach, so you'll see us introduce something on the higher end as we're proving out the technology, or as the scale has not reached a degree that it's affordable. In order for something to not add a tonne of BOM (Bill of Materials) cost, you need enough scale that the supply chain allows for a cheaper component. There's cost sensitivities, and businesses are more willing and capable of affording some of those technologies in the early days. Then as they scale, as they become more prevalent, we waterfall them down the stack. I think you will see us continuing to do that and looking for ways to potentially offer even a segmented or lighter version of some of the current technologies – we are looking at that in our future roadmap.
Gadgets 360: Do you think the onus for security and management is shifting more to end users rather than, say, system administrators or an infrastructure level?
Hallford: You know, I don't see that yet. Attacks are getting more and more sophisticated and they're going to be ongoing and prevalent. How do we help stay ahead of it? I think you're going to find some of the onus on end users who will be able to buy certain elements of software. But quite honestly, [with] the sophistication that we're seeing nowadays, even recent attacks that have been in the news are incredibly complex. So I do think that it's going to have to be a partnership. We're going to have to keep innovating at the silicon layer. Software vendors are going to have to keep implementing, and then there is going to be increased awareness with end users to take some responsibility for their own [security].
Gadgets 360: Do you think Intel is doing enough to explain what vPro is and why people might need it? Has that changed over the past year?
Hallford: Yes, I do. Is it enough? No, we have still more to do, but we did invest this year in a unique marketing campaign. We were able to get out to IT departments using social media and blogs and whitepapers, and we utilized more humour and typical advertising traits to get people interested. [We tried] to make it fun and not as boring as B2B can sometimes be, and it was very successful. So we found when we did our post campaign research, in the groups that had seen the campaign, the knowledge and preference for vPro shot up 40-50 percent. We proved to ourselves that more education makes a difference, and you'll see us this year having even a broader and much bigger effort there. That means that my management's continuing to invest in the commercial space and they like what they've seen.
Gadgets 360: We've seen that PC sales boomed in 2020, across categories and segments. Do you think that's going to be a bubble because of this pandemic situation? Will this have any effect on the replacement cadence over a longer term?
Hallford: You know, I don't think it will be a bubble. I do think that there were unique circumstances that created, particularly, a Q4 boom, but throughout the year we had [people] just scrambling for any device that was available. So I think what will happen... is there's going to be a big leap forward in a number of new capabilities that will only be realised with new hardware. As users become more familiar with the need to have advanced, modern hardware in order to take advantage of new software features, I think we'll continue to see a refresh situation. I actually think that in the pandemic, [there has been a] realisation of how crucial PCs are to your everyday life, not just your business life, but your communication with your family and people all over the world. I think it's been a real renaissance for the PC. I'm very positive that this trend will continue, and innovation and investment will continue around the PC and the whole ecosystem.