Trusted Computing Group

PORTLAND, Ore., March 4, 2009 - Most enterprises today can easily determine exactly who is on their networks, prevent data loss and manage passwords using widely available tools and at little initial cost or ongoing maintenance, note security experts at the Trusted Computing Group in a new white paper at https://www.trustedcomputinggroup.org/news/Industry_Data/.

However, many IT organizations are not using this technology and are risking serious data breaches and negative impacts from such breaches, which are estimated to cost industry approximately hundreds of millions in lost business, fines, fees and lost goodwill. Seventy-three percent of breaches are from external sources, according to a 2008 Verizon report,* and the same report notes that 52 percent of attacks were ranked "low" on attack difficulty.

Some simple security fixes are based on the Trusted Platform Module, a technology embedded into most newer enterprise PCs. The module, or TPM, protects digital keys, passwords and certificates against attacks or loss. When activated and used with widely available software provided by many PC and applications vendors, the TPM enables strong authentication and more effective password management, and it can safely store keys used for self-encrypting drives.

Who is Using the TPM?

A large pharmaceutical company wanted to control what PCs could access the company network. Even though the company had a VPN in place, network operations could show that not all PCs connected to the network were actually authorized to be able to connect to the network. The company turned to digital certificates protected by the TPM inside of its PCs as the answer. The VPN requires a digital certificate as authentication to log on to the network. The certificate is protected by the TPM on each company PC.

TCG TPM

The TPM software requires its own authentication before it will release the certificate the VPN requires. As a result, the company knows that only company PCs can connect to the network (only company PCs have the certificate required, and that certificate is bound to the TPM in the PC). Further, the company knows that the only way to get the VPN certificate to be released is if an authorized company employee is at the keyboard when the VPN client is started. If a company PC is stolen, the certificate tied to that PC can be revoked. Now the company can show that all PCs connected to the network belong to the company or are otherwise explicitly authorized to be there.

The TPM can be used with biometrics or smart cards and uses widely deployed Public Key Infrastructure, or PKI, present in almost all email clients. The TPM also is supported by almost 20 Virtual Private Network (VPN) products, including those from leading vendors. Other examples of the TPM being used to ensure protection of data and networks can be reviewed in a short white paper on the topic, available at
https://www.trustedcomputinggroup.org/news/Industry_Data/TPM_applications_paper_March_2
8_2008.pdf.

Trusted Computing Group, an industry organization that enables computing security, has created a portfolio of specifications to enable more secure computing across the enterprise in PCs, servers, networking gear, applications and other software, hard drives and embedded devices. More information and the organization's specifications and work groups are available at the Trusted Computing Group's website, www.trustedcomputinggroup.org.

Brands and trademarks are the property of their respective owners.

* Verizon "2008 Data Breach Investigation Report,
http://www.verizonbusiness.com/resources/security/databreachreport.pdf

Back to News Listing