Why is corporate adoption of the trusted computing standard still very low when over 70% of new computing devices have built-in trusted platform modules (TPMs)?
There are several reasons why actual usage of the trusted platform modules (TPMs) is very low, writes John Pescatore, vice-president and distinguished analyst at Gartner. The biggest reason is that the TPM approach largely ties a user to a single computer by storing keys and other sensitive data in the TPM chip on that PC. In the real world, business and consumer users need to use multiple PCs, such as their work PC and their home PC, for both business and personal use. The TPM approach doesn't support that concept very well - it would have been much better to focus on a secure USB drive with the TPM chip to support this mobility.
Another reason is that while the TPM hardware capability on a PC (along with TPM control and management software) can support a secure boot of a Windows PC and strong disk encryption of the contents of a PC, both of those things can be done without TPM by adding third-party software that doesn't need the TPM chip. For example, it is easy to encrypt the contents of a hard drive without using the TPM chip. The use of the TPM chip increases security but for many (if not most) uses, that additional security is not required.
The final reason is that while the TPM approach provides for secure storage of keys, it doesn't do anything for secure processing of data. Any malicious software (such as a botnet client) that gets executed on a PC with a TPM chip can still decrypt and steal any data stored on the PC. The TPM approach does not support a trusted execution environment, which is what is really needed against today's threats.
Read more advice from the Computer Weekly Think Tank >>
This was first published in November 2009