It had become an annual event: Papa Gino's calling up temporary workers to reconstruct work sitting on users' computers. The army of reinforcements was required because employees had forgotten their passwords to access encrypted information stored on their systems.
The process also had become a major productivity drain for the New England-based Papa Gino's Holdings Corp. fast food chain, with 170 Papa Gino's Restaurants, and anywhere from 8,000 to 10,000 employees, depending on the season. Employees work at its central office in Dedham, Mass., as well as at its eateries. Because of the enterprise's distributed nature, many journey from site to site to complete their chores, so they needed to protect sensitive information, such as store sales data, and were encrypting it. "Each year, we literally had thousands of encrypted files that users could not open," says Chris Cahalin, manager of network operations.
Rather than enhancing its security, encryption diminished it: Some employees would leave their computers in their cars on their travel to remote locations so they wouldn't have to go through the hassle of trying to figure out forgotten passwords.
Papa Gino's had been on the lookout for a solution to the problem, and was interested in the Trusted Computing model, which is based on dedicated hardware chips, called Trusted Platform Modules (TPMs), to secure information. In this case, the user relies on a unique identifier, such as biometrics, to open a system rather than a password.
The restaurant chain talked with various hardware suppliers about their support of this approach. "We had been an HP shop and examined their desktop and laptop products," Cahalin says. Their TPMs were limited: They only worked with HP devices. Also the desktop system was shipping, but the laptop product was still in development. IBM also had begun to develop TPMs. While its technique could encrypt files, it did not allow users to do that with folders. IBM's approach was a bit more open than HP's, but would have required that Cahalin track which microprocessor each computer was using, a task he wanted to avoid. The restaurant chain decided that Dell offered the most open, robust TPM solution.
So in the spring of 2005, the fast food enterprise purchased software from Wave Systems Corp. for encryption. The company's Embassy Key Management server provides backup and monitoring of the encryption keys, and its Embassy Authentication Server supports multi-factor authentication.
Papa Gino's considers its endpoints more secure now, and users are more willing to use their laptops when they work remotely because they need only swipe their fingerprints for authentication, and no longer need to remember easily forgotten passwords.
Since making its initial investment nearly three years ago, Papa Gino's has been rolling out TPM systems in a piecemeal fashion, upgrading users' computers whenever they are ready for the scrap heap. Initially, the company was spending $40 per device to add TPM functions to each Dell system, but that feature is now included in all new hardware.
Cahalin says the restaurant chain would like to see the expansion of TPM solutions to mobile items, such as cell PDAs. "I would like to use TPM-protected email certificates on my BlackBerry," he says.
Meanwhile, the TPM rollout should be completed by the end of this year, and the only folks unhappy with the change are the now unneeded temporary workers.