Aberdeen’s analysis of 41 companies with current deployments involving a hardware root of trust – either trusted platform modules (TPMs) or self-encrypting drives (SEDs) – and comparison with 86 companies who did not shows that companies deploying hardware roots of trust realized a cost advantage of more than $80 per endpoint per year, in addition to enhanced security and compliance and a generally transparent end-user experience.
Aberdeen’s first benchmark study on Trusted Computing (February 2008) began with a reference to the 1983 Turing Award and the acceptance speech of Ken Thompson (who was recognized along with Dennis Ritchie for their contributions as the principal creators of the Unix operating system), who famously remarked: “The moral is obvious. You can’t trust code that you did not totally create yourself. Especially code from companies that employ people like me.” It’s a great a great line, and reminiscent of Groucho Marx, who some thirty-five years earlier is supposed to have resigned from the exclusive Friars Club saying “I don’t want to belong to any club that will accept me as a member.”
Today, the awareness that software cannot be trusted is pervasive. Applications are vulnerable due to coding defects, buffer overflows, parsing errors and the other perennial vulnerabilities on the OWASP Top 10. Systems are vulnerable for being misconfigured and unpatched, in spite of a never-ending treadmill of “patch Tuesdays.”
To read the full article, click here.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.