Technology now built into more than 500 million PCs, but most enterprises still don't use it

Tim Wilson, Editor in Chief, Dark Reading, Contributor

September 20, 2011

ORLANDO, FLA. -- NSA Trusted Computing Conference 2011 -- In a room packed full of implementers and proponents of the industry's Trusted Computing technology, a speaker voiced the conference's central question: Stand up if you believe Trusted Computing technology is ready to deploy.

No one stood up.

The idea of PCs with built-in cryptography has been around for nearly a decade, and computers containing the Trusted Platform Module (TPM) encryption chip have been widely available for more than five years. Yet despite built-in support from virtually all of the world's PC makers, most enterprises still haven't turned on their machines' TPM capability, and only a few are using those built-in TPM chips as a primary means of authenticating users or securing PC data.

Could this be the year Trusted Computing technology takes off? With so much history behind the concept, many of the faithful here at this year's Trusted Computing Conference still believe with the fervor of Chicago Cubs fans. But as the roomful of still-seated experts suggests, there aren't a lot of advocates who are betting the ranch.

"We can reach the point where the cost of data theft outweighs the rewards," said Michael Lamont, chief of the Network Solutions Office at the National Security Agency's Central Security Service, which was the chief sponsor of the Trusted Computing Conference. "But we're not on a path to get there yet. We need to make some improvements."

"For the enterprises that turn it on, [Trusted Computing technology] achieves much more than they expected," said Steven Sprague, CEO of Wave Systems, which offers turnkey solutions that enable OEMs and enterprises to take advantage of TPM. "But a lot of people in IT don't understand it yet. It's not a pizza box that you can just plug in, and it works without configuring it."

Neil Kittleson, Trusted Computing portfolio manager at NSA/CSS, offered an update on the development of Trusted Computing technology during the past year, including the addition of the ability to encrypt data on virtualized devices and the ability to manage TPM-secured PCs from off-the-shelf enterprise management systems.

In order to be adopted, Kittleson said, the industry needs to recognize that there is a requirement for Trusted Computing, that the technology is ready, and that the cost is affordable.

While TPM is available in most PCs, some enterprises might still not feel it is ready for prime time because of the proliferation of new devices, such as smartphones and cloud technology, Kittleson acknowledged. "Enterprises need to know how these same technologies can be used to secure the rest of our devices," he said.

On the affordability front, there are very few actual deployments of Trusted Computing technology, so there are not many enterprises to attest to its cost-efficiency, Kittleson stated. Sprague said a Trusted Computing-enabled PC might cost around $300 more than an off-the-shelf machine.

While TPM is supported in many devices, most vendors don't offer adequate instruction on how to use it, Sprague said. "There's no technical guide for using TPM as a token on a Cisco or Juniper switch," he observed. "We are having to build templates that walk users through [implementation], step by step."

There are some large deployments of Trusted Computing technology beginning, Sprague said. PricewaterhouseCoopers has an 85,000-seat implementation, he said, and BASF is using TPM to provide self-encryption in about 80,000 devices.

"This is starting to happen in a lot of places," Sprague said. "The technology is there. The value is there. The history is unimportant."

But Kittleson acknowledged that after so many years of discussing Trusted Computing technology, it can be hard to get enterprises excited again.

"After six years, there's a bit of fatigue around the program," Kittleson said, speaking about the federal government's High Assurance Platform, which features Trusted Computing technology as a key component. "It hasn't gotten the traction it needed."

Sprague said TPM's development is following the same slow-but-steady adoption path that Ethernet and USB once followed. "In those cases, the technology wasn't perfect, but the adoption continued. And now look where those technologies are," he said.

Maybe this will be the year, Cubs fans. It could happen.

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.