Trusted Computing Group

For years now, Trusted Computing Group has provided an almost full-day session on the Monday of RSA Conference. In the early days, we talked about specifications and the work we hoped to do. In the middle years, we've done lots of demonstrations of TCG's many specifications for client, network and storage device security and conducted hands-on labs. But the question "who is really using this technology?" lingered.

This year, for the first time, TCG gathered actual users of SEDs, TPMs and TNC in one room. In three separate panel sessions dedicated respectively to network security, data protection and authentication, these users recounted how they were protecting their enterprises with Trusted Computing. These were no tiny two-person-and-a dog shops, either - they were major powerhouses like PricewaterhouseCoopers (PwC), the National Security Agency, CUNA Mutual, the State of South Carolina in the U.S., Dendreon and others. In fact, PwC has 85,000 users protected with the TPM. Many of these are talking about their experiences with Trusted Computing for the first time.

One of the cool nuggets dropped during these panels was an actual cost analysis of using the Trusted Platform Module (TPM) to support x.509 certificates versus other solutions. Naysayers have long griped about the cost and trouble of deploying the TPM, and hence many TPMs sit in client systems, unactivated. But what PwC found is that it's really pretty easy, quick and less expensive to use the TPM. Beyond the fact that it's already in the box with no extra cost associated compared with using tokens, for example, and requires minimal changes to lifecycle management, the TPM was easily provisioned and managed. Even including TPM management software, PwC calculates that smartcards would have cost about twice what the TPM usage was and USB tokens three times.

You can view this presentation as well as others on the RSA Conference 2011 events page.