Trace Id is missing
May 03, 2022

Lenovo reinforces customer trust with ledger in Azure SQL Database

Lenovo builds millions of computers every year, and the company wants its customers to trust that each one arrives configured to the customer’s request. To provide this attestation, the company now tracks each new device with its Trusted Supply Chain solution built with ledger in Microsoft Azure SQL Database. Lenovo chose ledger in Azure SQL Database because of the performance, scalability, and security of the Azure platform. The company has been so pleased with the results that it is planning to use ledger in Azure SQL Database for additional high-security applications.

Lenovo

“Ledger in Azure SQL Database is a very important building block of our zero-trust approach moving forward at all levels—data, software, and hardware.”

Thorsten Stremlau, Chief Technologist and Executive Director of Commercial Product Portfolio, Lenovo

Building a highly trustworthy supply chain

Global computer maker Lenovo aims for nothing less than creating a better world by developing smart products, solutions, software, and services that help individuals, communities, businesses, and entire populations fulfill their potential. Since 1995, Lenovo has shipped more than 500 million PCs, and it makes three new devices every second. The company wants to make sure that each one reaches its user in precisely the condition and configuration that it left the factory.

Maintaining superior levels of computer security is an increasingly challenging task. During the early days of the COVID pandemic, Lenovo saw a 400-percent increase in attempted hacks of many varieties.  In addition, working from home—or elsewhere—has created a hybrid workforce that complicates security protocols, as employees share more data and may be less connected to corporate IT departments.

Since creating its ThinkShield brand in 2018, Lenovo has been examining where it can control potential security gaps related to its device manufacturing and supply chain. “We want to be able to show customers that a device hasn’t been tampered with and is trustworthy before they bring it into their environment,” says Thorsten Stremlau, Chief Technologist and Executive Director of Commercial Product Portfolio at Lenovo. “We want to attest to device integrity, even down to system levels that require administrator access.”

Choosing the right tool for the job

To maintain its solid trust relationship with its customers, Lenovo wanted a reliable third-party to provide device attestation capabilities.  Lenovo chose to work with Microsoft Azure. “Microsoft has extensive certifications in place for its own infrastructure, and we’ve seen more and more of our corporate customers moving to Azure as their trusted cloud platform,” says Stremlau. “The scalability of the Azure pricing model is also attractive and better than the competition.”

Lenovo found an ideal device tracking and attestation tool in ledger in Azure SQL Database, and the company has used the capability to create its Trusted Supply Chain solution. The ledger feature enables tamper-evidence through cryptographic verification for centralized data stores. Ledger eliminates the additional cost, complexity, and performance overhead of decentralized blockchain technology while providing many of its benefits in a fully managed SQL environment.

“The trust, transparency, and certification process inherent to Azure led us to choose it over blockchain,” says Stremlau. “Blockchain is also very resource-intensive, which goes against our sustainability goals, it does not have great performance, and it is vulnerable to majority attacks.”

Trusted Supply Chain documents the exact state of 32 different device parameters when a computer leaves the manufacturing plant and uploads the data to ledger tables in Azure SQL Database where it’s processed and stored. When a customer receives a device, they run a data verification program on it and compare the results to what was collected when the device shipped, giving a granular view of any discrepancies. “For example, if you ordered a Core i9 CPU with 32gb of RAM, but you got an i3 CPU with 4gb of RAM, you’ll know that right away,” explains Stremlau. “We’ve seen cases of third-party companies modifying PCs, so this is a real-world issue.”

Working with Microsoft Partner Network member Softeq on development, Lenovo found the ledger technology to be very easy to use. “It was just a matter of ticking a box to convert a regular Azure SQL Database to a ledger database,” says Stremlau. “Using a fully managed service like Azure SQL Database also lowers the administrative burden over an on-premises solution.

Tracking all devices and building new use cases

With Azure SQL Database ledger, Lenovo can prove beyond a reasonable doubt that no one has modified a computer’s data—not even Lenovo itself. Moving forward, all new Lenovo computers will be tracked in Trusted Supply Chain. “This solution works well for a hybrid workforce where employees may receive PCs directly, rather than routing them through a staging facility, and their integrity can be verified from anywhere,” says Stremlau.

Using ledger in Azure SQL Database also gives Lenovo a head start on meeting emerging industry security standards around validating the integrity of computer devices. Based on the success of Trusted Supply Chain, Lenovo is in the process of building out its Azure footprint.

“Ledger in Azure SQL Database is a very important building block of our zero-trust approach moving forward at all levels—data, software, and hardware,” says Stremlau. “We’re considering extending it to other high-security use cases like continuous firmware monitoring, parts provenance sustainability, and tracking tax payments and duty transactions. We want to provide end-to-end integrity and transparency to our customers.”

Find out more about Lenovo on Twitter, Facebook, and LinkedIn.

“Microsoft has extensive certifications in place for its own infrastructure, and we’ve seen more and more of our corporate customers moving to Azure as their trusted cloud platform.”

Thorsten Stremlau, Chief Technologist and Executive Director of Commercial Product Portfolio, Lenovo

Take the next step

Fuel innovation with Microsoft

Talk to an expert about custom solutions

Let us help you create customized solutions and achieve your unique business goals.

Drive results with proven solutions

Achieve more with the products and solutions that helped our customers reach their goals.

Follow Microsoft