Why is corporate adoption of the trusted computing standard still very low when over 70% of new computing devices have built-in trusted platform modules (TPMs)?
The use of any standard depends on a need (to use a standard) and/or the availability of products that can effectively leverage the particular standard, writes Peter Wenham, committee member of the BCS Security Forum Strategic Panel and director of information assurance consultancy Trusted Management. Extending this thought a little more we see that within the Corporate world the use or adoption of a product will depend in part on the degree of support the product will need 'in service', in part on the knowledge and skill levels available within the organisation and in part on adoption and support costs.
Now since the trusted platform standard is well supported within the IT industry and the associated trusted platform module (TPM) is widely available, at least on new computing devices, the most likely explanations for its poor adoption are I believe: (a) unless an organisation has a critical mass of TPM equipped devices, the costs of supporting non TPM equipped devices in a network that fully supports TPM equipped devices is likely to be perceived as outweighing the benefits, (b) unless the vast majority of devices in an infrastructure are TPM enabled, the benefits of fully exploiting TPM cannot be realised, (c) the knowledge of what a TPM enabled infrastructure can offer the business is just not there, and finally (d) the IT folks at an organisation do not have the time or inclination to research what TMP can offer. A good description of what a TPM enabled environment can offer is the "How to Use the TPM: A Guide to Hardware-Based Endpoint Security".
This was first published in November 2009