There is a free security feature in more than 500 million desktop and portable computers that can prevent many potential security issues. Yet only a small fraction of users have activated the embedded security, according to a study by Aberdeen Research.
Trusted Computing solutions leverage hardware-based “roots of trust” at the edge of the network and at the endpoints. Security solutions which rely on these hard-based roots of trust are inherently more secure from external software attack and physical theft than software only implementations.
On-chip security operations include: public key cryptographic functions, integrity measurement functions, and attestation functions which provide cryptographic proof to a third party that software has not been compromised. Over the past several years vendors have been embedding the hardware and software basics for trusted computing in off-the-shelf desktop and server computers.
Within many of the following devices you’ll find embedded hardware that can be leveraged for trusted computing solutions: mobile devices, hard drives, storage systems, printers, network endpoints, servers and PCs.
So what’s the problem?
While a high percentage of trusted computing- ready devices and infrastructure exist, enterprise awareness about trusted computing, according to Aberdeen, is relatively low. It’s mind boggling that many security issues and crises could be avoided just by turning on a function you already own. But wait there’s more!
What we see in the industry, is that it is not just a case of ignorance but a case of best practices versus laggards. In other words the laggards appear to be more “ignorant” than those ranked best in class for security policy and risk management.
Those companies with investments in trusted computing initiatives are more likely to have developed a “holistic view of security risks and establish and enforce consistent security policies.” When the laggards were asked their top reasons for not investing in trusted computing initiatives, they responded that “benefits are not clear” and that there were “other priorities.” Talk about ignorance is bliss.
The chart below highlights the most typical applications created based on embedded trusted computing-ready hardware.
The message can’t be any clearer, if you want enhanced security, just use what you already have and turn it on!