WAVE SYSTEMS CORP - 10-Q - Management's Discussion and Analysis of Financial Condition and Results of Operations
[November 10, 2014]


(Edgar Glimpses Via Acquire Media NewsEdge) Management's Discussion and Analysis of Financial Condition and Results of Operations ("MD&A") is intended to provide a reader of our financial statements with a narrative from the perspective of our management on our financial condition, results of operations, liquidity and certain other factors that may affect our future results. Unless otherwise noted, transactions and other factors significantly impacting our financial condition, results of operations and liquidity are discussed in order of magnitude. Our MD&A is presented in five sections: Overview; Business Update; Results of Operations; Liquidity and Capital Resources; and Contractual Obligations. Our MD&A should be read in conjunction with our Annual Report on Form 10-K for the year ended December 31, 2013, as well as our reports on Forms 10-Q and 8-K and other publicly available information.



Overview

Our Business

Wave was incorporated in Delaware under the name Indata Corp. on August 12, 1988. We changed our name to Cryptologics International, Inc. on December 4, 1989. We changed our name again to Wave Systems Corp. on January 22, 1993. Our principal executive offices are located at 480 Pleasant Street, Lee, Massachusetts 01238 and our telephone number is (413) 243-1600.

Wave develops, produces and markets products for hardware-based digital security, including security applications and services that are complementary to, and work with, the specifications of the Trusted Computing Group, www.trustedcomputinggroup.org (the "TCG"), an industry standards organization comprised of computer and device manufacturers, software vendors and other computing products manufacturers. Specifications developed by the TCG are designed to address a broad range of current and evolving digital security issues. These issues include: identity protection, data security, digital signatures, electronic transaction integrity, platform trustworthiness, network security and regulatory compliance.


The TCG was formed in April 2003 by its promoting founders: AMD, HP, IBM, Intel, and Microsoft. Wave was initially invited to join the founding group as a contributing member. Since 2008, Wave has held a permanent seat on the TCG Board of Directors (the "TCG Board"). Wave has also elevated its membership status to "Promoter," the highest level of the TCG. Permanent members of the TCG Board provide guidance to the organization's work groups in the creation of specifications used to protect personal computers ("PCs") and other computing devices from attacks and to help prevent data loss and theft. Wave's enhanced membership status allows it to take a more active role in helping to develop, define and promote hardware-enabled trusted computing security technologies, including related hardware building blocks and software interfaces. Wave is eligible to serve on and chair the TCG Board and the Work Groups and Special Committees thereof. Wave is permitted to submit revisions and addendum proposals for specifications with design guides and is similarly permitted to review and comment on design guides prior to their adoption.

The TCG promotes a hardware-based trusted computing platform, which is a platform that uses a semiconductor device, known as a Trusted Platform Module ("TPM") that contains protected storage and performs protected activities, including platform authentication, protected cryptographic processes and capabilities allowing for the attestation of the state of the platform which provides the first level of trust for the computing platform (a "Trusted Platform"). The TPM is a hardware chip that is separate from the platform's main CPU(s) that enables secure protection of files and other digital secrets and performs critical security functions such as generating, storing and protecting "cryptographic keys" which are secret codes used to decipher encrypted or coded data. While TPMs provide the anchor for hardware security, known as the "root of trust," trust is achieved by integrating the TPM within a carefully architected trust infrastructure and supporting the TPM with essential operational and lifecycle services, such as key management and credential authentication.

The TCG also promotes the use of Self-Encrypting Drives ("SEDs"). SEDs are based on TCG specifications, which enable integrated encryption and access control within the protected hardware of the disk drive. SEDs are designed to provide advanced data protection technology and they differ from software-based full disk encryption in that encryption takes place in hardware in a manner designed to provide robust security without slowing processing speeds. Because the drives can be factory-installed, these systems can be configured such that encryption is "always on" for the protection of proprietary information. The TCG has issued storage specifications covering SEDs. These specifications are based upon the Opal Security Subsystem Class (SSC) specification - an industry standard issued by the TCG. The SSC specification gives vendors an industry standard for developing SEDs that secure data.

The majority of Wave's TPM and SED related products, as detailed below in Products and Services, utilize the standards and specifications set by the TCG.

The overall number of PC models being offered by original equipment manufacturers ("OEMs") and equipped with a TPM and/or SED, combined with the increased number of OEMs that have introduced TPM- and SED-equipped models, has continued to accelerate the rate at which TPMs and SEDs are being shipped by the PC industry. The offering of products using TCG specifications to the PC market is an important development in the creation of the market for hardware-based computer security. Wave is continuing to execute its strategy to leverage its products in an effort to become a leading provider of software, applications and services for this market.

Our Products and Services

ENTERPRISE PRODUCTS

EMBASSY Remote Administration Server ("ERAS")

ERAS is a server platform that provides centralized management and auditing of Trusted Platform Modules (TPMs), self-encrypting drives (SEDs) and Microsoft BitLocker encryption. Correspondingly, there are four distinct product offerings from ERAS: Virtual Smart Card 2.0, ERAS for TPM Management, ERAS for SEDs and Wave for BitLocker® Management.

Wave Virtual Smart Card 2.0

Wave Virtual Smart Card 2.0 ("VSC") leverages the TPM that is already built into the enterprise PC or tablet to essentially replace physical smart cards or USB tokens. VSC utilizes two-factor authentication in the form of the TPM, something you have, and a PIN, something you know. This two-factor authentication ensures that only known devices and known users gain access to an enterprise network. VSC integrates with existing enterprise certificate-based applications and uses platforms like Microsoft Active Directory. Support costs that are typical with traditional tokens and smart cards, such as replacement in case of loss, are non-existent with VSC as there is no additional hardware to lose.

ERAS for TPM Management

ERAS for TPM Management provides device and user identification management by allowing IT administrators to provision TPMs, manage TPMs and create cryptographic keys with the TPMs. ERAS for TPM Management also provides compliance with security regulations, as the software documents which devices and users are on a network. Access to a network can be restricted to only known devices, providing further protection for the corporate network. ERAS for TPM Management is required to configure platforms for the advanced integrity and health reporting that is available through Wave Endpoint Monitor, as well.

ERAS for SEDs

ERAS for SEDs allows for management of SEDs across an enterprise. Without management, an SED functions as a standard drive and its security capabilities are greatly reduced. ERAS for SEDs delivers SED drive initialization, user management, drive locking, user recovery and crypto erase for all Opal-based, proprietary and solid-state SEDs. ERAS for SEDs is designed to provide auditing capabilities that aid in compliance management by controlling and logging SED security settings giving IT administrators the ability to know whether a lost or compromised PC is adequately secure. ERAS for SEDs is designed to facilitate enterprise adoption of SED technology as it provides IT administrators with tools to utilize the security of these devices while reducing deployment and management costs.

Wave for BitLocker® Management

Through another capability of ERAS, Wave provides automated turn-key management for Microsoft BitLocker® encryption. This feature is suitable for organizations that have not yet fully phased SEDs into their environment and who are migrating to Windows 7 that have Microsoft Enterprise Agreements or Software Assurance for Volume Licensing. Wave for BitLocker® Management allows an organization to set policies and monitor security from a single console - simplifying an organization's deployment by reducing the need for specialized knowledge or costly systems. Key features of Wave for BitLocker® Management include centralized policy enforcement, recoverability of data in the event of a PC crash, securing of BitLocker® recovery passwords in an encrypted database, remote discovery and activation of BitLocker® client machines, remote activation of encryption without end-user involvement and a migration path to SED deployment.

Wave Endpoint Monitor

Wave Endpoint Monitor ("WEM") detects malware that can go undetected by traditional anti-virus solutions by leveraging the capabilities of the TPM. WEM provides increased visibility into endpoint health to help protect enterprise resources and minimize the potential cost of advanced persistent threats such as rootkits. Rootkit attacks are particularly harmful in their ability to hide in host systems, evade current mainstream detection methods (such as anti-virus programs or whitelisting at the operating system level) and their capacity to replace legitimate IT system firmware. Such attacks occur before the operating system loads, targeting the system BIOS and Master Boot Record, and can persistently infect higher-level system functions, including operating systems and applications. WEM captures verifiable PC health and security metrics before the operating system loads by utilizing information stored within the TPM. If anomalies are detected, IT is alerted immediately with real-time analytics. Capabilities of WEM include reporting of PC integrity measurements, ensuring data comes from a known endpoint, alerting IT administrators to anomalous behaviors, providing configurable reporting and query tools, ensuring strong device identity through the use of hardware-based digital certificates and remote provisioning of the TPM.

Wave Cloud

Wave Cloud is a cloud-based service for managing full disk encryption using SEDs, BitLocker or Mac OSX FileVault 2. With Wave Cloud, organizations do not need to buy, build and test (or maintain) the server infrastructure as the management of systems for data protection is done using a web interface. The platform allows enterprises to deploy centrally-managed data encryption on their Windows and Mac systems utilizing SED hardware where available - all without the complexity and cost associated with maintaining on-premise servers. For OPAL-based proprietary and solid-state SEDs, Wave Cloud provides an organization with drive initialization, user management, drive locking and user recovery.

For Windows systems capable of running BitLocker, Wave Cloud provides remote management for fixed and removable disks with TPM authentication options and user recovery. For Mac systems, Wave Cloud allows remote enablement of FileVault 2 with password management options.

Wave Mobility Pro - Tablet Edition

Wave Mobility Pro - Tablet Edition is a combined enterprise product offering comprised of selected products in the Wave portfolio that have been assembled and tested specifically for use on Windows 8 tablets. For eliminating password authentication on these devices and augmenting strong authentication security, a virtual smart card and/or fingerprint authentication can be used to access the tablet, VPN or corporate network. For managing encryption, a choice of software-based encryption, BitLocker or an SED is supported depending on the capabilities of the tablet. Wave's endpoint data loss protection solution product Protector is another option for securing data on removable devices that are attached to the tablet.

Data Protection Suite

Wave provides endpoint data loss protection solutions, including port and device control, encryption for removable media and content inspection and discovery, through its wholly-owned subsidiary, Safend - an Israeli-based company.

Encryptor

Encryptor provides hard disk encryption, protecting enterprise data from loss and theft and supporting an enterprise's attempt to waive disclosure requirements in the event of machine loss or theft with provable encryption.

Encryptor enables compliance with regulatory, data security and privacy standards.

Protector

Protector provides granular control of ports and devices. Protector blocks users from connecting to unauthorized devices or using unauthorized interfaces while logging movements of data in and out of an organization. Protector also blocks or detects both USB and PS/2 hardware keyloggers, turns U3 USB drives into regular USB drives while attached to endpoints, protects against auto-launch programs by blocking autorun, detects and restricts devices by device type, device model or unique serial number, controls transfer of files both to and from external storage devices according to the file types and encrypts data in motion on removable storage devices.

Inspector

Inspector inspects and blocks leakage of sensitive content through email, instant messaging, Web, external storage and printers. Inspector enforces a data-centric security policy across multiple channels whether the machine is connected to an organization's network or a home network or used offline.

Inspector allows for multi-tiered anti-tampering capabilities for permanent control over an organization's endpoints.

Discoverer

Discoverer maps, classifies and locates data stored on organizational endpoints and networks. Discoverer provides insight to unsecured data that can assist an organization in improving security and compliance initiatives.

Reporter

Reporter creates detailed graphical reports used for compliance assessment.

These reports detail information on endpoint encryption status, show security incidents by type, user and organization unit, give an overview of the most common security incidents, identify endpoints that do not have a valid policy applied to them and list physical devices that were used within a defined time frame.

Auditor

Auditor scans endpoints for past and present connected devices and Wi-Fi networks. Auditor queries organizational network endpoints, locating and documenting devices that are or have been locally connected. Auditor checks all USB, PCMCIA, Firewire and Wi-Fi ports - granularly identifying endpoint devices connected for each user - both current and historical. Auditor provides organizations with visibility to identify and manage endpoint vulnerabilities.

CLIENT-SIDE APPLICATIONS

EMBASSY Trust Suite and EMBASSY Security Center

The current version of the EMBASSY Trust Suite consists of a set of applications and services that is designed to bring functionality and user value to TPM-enabled products. Designed to make the TPM easy for users to set up and use, the EMBASSY Trust Suite includes EMBASSY Security Center ("ESC"), Trusted Drive Manager ("TDM"), Document Manager ("DM"), and Private Information Manager ("PIM").

EMBASSY Trust Suite is the term used when all client applications are included.

More often than not, a scaled-down version of the client applications is packaged together under the EMBASSY Security Center branding (for example, EMBASSY Security Center - Trusted Drive Edition).

ESC allows the user and/or administrator to configure the security settings for their TPM, Windows Login, fingerprint authentication, document encryption and/or SED authentication. In addition to the basic function of making the TPM operational and backing up TPM keys, ESC is designed to enable the user to manage extended TPM-based security settings and policies, including strong authentication, Windows logon preferences to add biometrics and streamlined TPM password policy management.

TDM is the component in ESC software that is utilized for advanced lifecycle management for SEDs. SEDs are designed to provide advanced data protection technology differing from software-based full disk encryption in that the encryption takes place in hardware in a manner designed to provide robust security without slowing processing speeds. Because the drives are factory-installed, the systems can be configured such that encryption is "always on" for the protection of proprietary information. The SED storage specifications are based upon the Opal Security Subsystem Class ("SSC") specification - an industry standard issued and published by the TCG. The SSC specification gives vendors an industry standard for developing SEDs that secure data. Wave's products currently support all Opal-based proprietary and solid-state SEDs.

DM is offered to provide document encryption, decryption and client-side storage of documents. PIM uses the TPM to securely store and manage user information, such as user names and passwords, credit card and other personal information.

MIDDLEWARE AND TOOLS

Wave offers three toolkits to assist software and application developers interested in using a TCG-standards-based platform. These are the TCG-Enabled Toolkit, the Wave TCG-Enabled Cryptographic Service Provider ("CSP") and the Wave TCG-Enabled Key Storage Provider ("KSP").

For TPM protection using 3rd party applications, ESC includes a CSP and KSP that enable functions such as TPM-based PKI authentication to 802.1x networks, Microsoft DirectAccess, Microsoft Outlook for email and Virtual Private Networks ("VPNs"). Applications for the TPM using Wave's CSP and KSP, however, are not limited to this list and can include various cryptographic functions for authentication, encryption and signing purposes.
