A tsunami of news reports about data breaches, attacks and hacks has left the security and IT communities reeling – and busy. And a huge number of additional incidents are never reported, or even worse, not detected. Enter the TPM, or Trusted Platform Module.
For years, security experts have known of the availability of a hardware root of trust that can anchor core security functions and protect systems, data and networks. But for many reasons, ranging from lack of awareness to difficulty implementing to resistance to change, these solutions have languished while other, reactive tools and solutions took center stage.
Now, security professionals worldwide have woken up and realized that attacking security problems after the fact is not the most effective tactic, and more attention is being paid to a more proactive and holistic approach.
Enter the TPM, or Trusted Platform Module. Typically deployed as a discrete or integrated chip on the circuitry of PCs, servers and embedded systems, the TPM is based on best practices and industry standards for protecting vital security information, such as keys, certificates and passwords. Unlike traditional approaches of storing these items in software that is routinely hacked, these critical bits of data are securely encrypted and stored in the TPM.
The TPM also can measure the “state” of a system and if specific elements of a system have been changed, which often signals malware or boot kits, the system is automatically shut down, or other action taken.
While the TPM can be useful in many security applications, we will look at a specific use model in this article.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.