Bringing a laptop to life (and to market) is complicated. It all begins with the build.
Each computer contains baseline parts such as the processor, hard drive, system memory, screen, keyboard, and so on – as well as thousands of sub-components.
But as complicated as the manufacturing process is, there are many steps within the lifecycle of a computer that present a significant security risk to the user and the organization.
In a recent discussion, experts from Intel and Lenovo discussed the inherent security risks of the computer supply chain and how a combination of technology, hardware, and proactive management can help us safeguard computers from cradle to grave.
STEP 1: In transit
Our story begins with a Lenovo ThinkPad X1 Carbon (8th Gen), one of the best-rated business laptops. It starts its life with components from trusted suppliers that use proven, well-vetted security protocols. Once built, it ships from any of Lenovo’s 46 manufacturing centers around the world.
Like a turtle hatchling racing to the sea for safety, the journey between the factory and the laptop’s new home can be harrowing. With no security profile or other provisioning in place, the device presents an easy target to criminals.
At any point in the journey, components contained within the computer could be removed and replaced with substandard parts. Bad actors may switch authentic devices with counterfeit devices. And—in a worst-case scenario—cybercriminals could install malicious code so they can access the device (and, by extension, a company’s entire ecosystem) once it’s activated.
STEP 2: At delivery
The ThinkPad laptop arrives at the home of its new user. This ship-to-home model, where the end user accepts delivery, is a by-product of the pandemic, with so many people working from home.
A few short years ago, an important step within the computer supply chain directed most business laptops to an IT cage or hub where qualified technicians provisioned each device before handing it over to the employee. With the ship-to-home model, the end user carries out the critical steps of provisioning and securing the device.
Provisioning involves installing programs and applications to secure the laptop and enable it to perform its intended work. This critical step ensures the computer is properly secured and not infected before accessing the corporate network.
STEP 3: Ready to launch
Fortunately, safeguards were in place to protect the ThinkPad the moment it left the facility.
The Intel® Trusted Device Setup (TDS) and Intel® Transparent Supply Chain (TSC) services, developed in partnership with Lenovo, establish a hardware “root of trust” that incorporates details from all of the components used in the creation of the device. Here’s how it works:
Similar to how a checksum verifies that data is unchanged, the TSC service captures a detailed profile of each laptop as it’s leaving the factory. More than a laundry list of parts, a profile is unique to each device, registering critical CPU and chipset components. The service also captures serial numbers, country of origin, lot numbers, date codes, firmware versions, and other information.
Once received, the ThinkPad’s current state is compared to the detailed profile that was captured and stored in the cloud at the start of its journey. If any deviation is detected, the laptop is quarantined and re-examined by a qualified technician.
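The comparison described above, sketched as an added example (it is not Intel's or Lenovo's code and does not reflect the TSC data format): the profile layout, slot names, field names and sample values are all constructed for illustration.

```python
import hashlib
import json

def profile_digest(profile):
    """SHA-256 over a canonical encoding: a fast changed/unchanged check."""
    canonical = json.dumps(profile, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def compare_profiles(as_built, as_received):
    """List (slot, field, expected, observed) for every difference."""
    deviations = []
    for slot in sorted(set(as_built) | set(as_received)):
        built, seen = as_built.get(slot), as_received.get(slot)
        if built is None or seen is None:
            # Component added or removed since the factory snapshot.
            deviations.append((slot, "component", built, seen))
            continue
        for field in sorted(set(built) | set(seen)):
            if built.get(field) != seen.get(field):
                deviations.append((slot, field, built.get(field), seen.get(field)))
    return deviations

def disposition(as_built, as_received):
    """Any mismatch means quarantine; the deviation list is for the technician."""
    if profile_digest(as_built) == profile_digest(as_received):
        return "provision", []
    return "quarantine", compare_profiles(as_built, as_received)

# Constructed sample data; slot names, fields and values are hypothetical.
AS_BUILT = {
    "bios": {"firmware": "1.12", "date_code": "2020-W14"},
    "cpu": {"serial": "CPU-0001", "lot": "L100", "country_of_origin": "US"},
    "ssd": {"serial": "SSD-7781", "lot": "L552", "firmware": "3.1"},
}
# Same device on arrival, with an older BIOS and a different SSD fitted.
AS_RECEIVED = dict(
    AS_BUILT,
    bios={"firmware": "1.09", "date_code": "2020-W14"},
    ssd={"serial": "SSD-0042", "lot": "L901", "firmware": "3.1"},
)

if __name__ == "__main__":
    verdict, findings = disposition(AS_BUILT, AS_RECEIVED)
    print(verdict)
    for finding in findings:
        print(finding)
```

The digest only answers whether anything changed; the field-level list is what lets a technician see which component and attribute to re-examine.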
STEP 4: Activation
Once the status of the device is reviewed and validated, the ThinkPad moves on to the provisioning step. The employee initiates the TDS service, which triggers the Intel platform update, including installing the security profile and other applications the laptop will need to do its work.
Such a fast, self-service provisioning model makes it easy for the employee to activate the laptop, optimizing productivity and providing the user with the tools they need to get up and running quickly.
Even after activation, the TSC service continues to support the ThinkPad throughout its lifecycle, capturing changes that occur to the computer over time, such as new components and other information.
STEP 5: End of Life
After 3-4 years of hard service, the ThinkPad laptop is ready to be decommissioned. With the TSC service still active and in place, the company has a record of progression for the laptop throughout its lifecycle.
A current overview of the computer and its components allows IT to accurately assess the laptop’s worth to help determine resale value. Following proper internal protocols, the device is wiped clean and moves on to its next life.
Resilient and secure
At SAP, we base our resilient supply chain on four pillars: agility, connectivity, productivity, and sustainability. These attributes allow us to serve a global economy that continues to fluctuate and change.
Future disruptions to our global supply chain are inevitable. By coupling technology with modern hardware and infrastructure, we can safeguard our business-critical assets—from the point of assembly, through to end of life.
To listen to the entire conversation, watch the video.