Why is corporate adoption of the trusted
computing standard still very low when over 70% of new computing
devices have built-in trusted platform modules
(TPMs)?
The use of any standard depends on a need (to use a standard)
and/or the availability of products that can effectively leverage
the particular standard, writes Peter Wenham, committee member
of the BCS Security Forum Strategic Panel and director of
information assurance consultancy Trusted Management. Extending
this thought a little more we see that within the Corporate world
the use or adoption of a product will depend in part on the degree
of support the product will need 'in service', in part on the
knowledge and skill levels available within the organisation and in
part on adoption and support costs.
Now since the trusted platform standard is well supported within
the IT industry and the associated trusted platform module (TPM) is
widely available, at least on new computing devices, the most
likely explanations for its poor adoption are I believe: (a) unless
an organisation has a critical mass of TPM equipped devices, the
costs of supporting non TPM equipped devices in a network that
fully supports TPM equipped devices is likely to be perceived as
outweighing the benefits, (b) unless the vast majority of devices
in an infrastructure are TPM enabled, the benefits of fully
exploiting TPM cannot be realised, (c) the knowledge of what a TPM
enabled infrastructure can offer the business is just not there,
and finally (d) the IT folks at an organisation do not have the
time or inclination to research what TMP can offer. A good
description of what a TPM enabled environment can offer is the
"How to Use the TPM: A Guide to
Hardware-Based Endpoint Security".
Read more from the Computer Weekly Security Think Tank
>>