Why is corporate adoption of the trusted
computing standard still very low when over 70% of new computing
devices have built-in trusted platform modules
(TPMs)?
There are several reasons why actual usage of the trusted
platform modules (TPMs) is very low, writes John Pescatore,
vice-president and distinguished analyst at Gartner. The
biggest reason is that the TPM approach largely ties a user to a
single computer by storing keys and other sensitive data in the TPM
chip on that PC. In the real world, business and consumer users
need to use multiple PCs, such as their work PC and their home PC,
for both business and personal use. The TPM approach doesn't
support that concept very well - it would have been much better to
focus on a secure USB drive with the TPM chip to support this
mobility.
Another reason is that while the TPM hardware capability on a PC
(along with TPM control and management software) can support a
secure boot of a Windows PC and strong disk encryption of the
contents of a PC, both of those things can be done without TPM by
adding third-party software that doesn't need the TPM chip. For
example, it is easy to encrypt the contents of a hard drive without
using the TPM chip. The use of the TPM chip increases security but
for many (if not most) uses, that additional security is not
required.
The final reason is that while the TPM approach provides for
secure storage of keys, it doesn't do anything for secure
processing of data. Any malicious software (such as a botnet
client) that gets executed on a PC with a TPM chip can still
decrypt and steal any data stored on the PC. The TPM approach does
not support a trusted execution environment, which is what is
really needed against today's threats.
Read more advice from the Computer Weekly Think Tank
>>