Trusted Computing

[Bull_Dolphin]

3 Steps To Ensuring Laptops Are Trusted, Healthy And Managed
By Joseph Souren APRIL 26, 2012
Wave Systems EMEA

http://www.businesscomputingworld.co.uk/3-steps-to-ensuring-laptops-are-trusted-healthy-and-managed/

Enterprises that want to secure IT networks should start by protecting the device, ensure data is encrypted and monitor device health from activation to decommissioning. These three steps are essential.

Step 1: Authentication and Trust

The first step to securing the network periphery is to authenticate and trust any device used to connect with enterprise IT systems. When companies focus on the device as the bedrock for network security, they start with a firm foundation. If the device is truly protected, rogue connections to the network are almost impossible. If the core is secure, the device is trusted.

For this, we need to establish an integrity check showing that the underlying components have not changed. This requires methods that work outside of the operating software. In general, security methods require a root of trust – a known hardware starting point.

To facilitate this process, a secure process is used to conduct platform measurements. For example, the BIOS firmware and the bootblock are measured, and at the end of the boot sequence a number is calculated that must be exactly the same as the number that was calculated when the platform was first activated.

When the numbers do not match, something has changed on the platform and it should be investigated for changes. The Trusted Platform Module (TPM), which is often part of the PC hardware, can be used to deliver this root of trust, while the BIOS and TPM can deliver the method to calculate the platform integrity number.

For mobile devices, a Mobile Trusted Module (MTM) acts in the same way as the TPM, and by utilising functions such as Trustzone in ARM processors, trust in the platform can be established.

Step 2: Secure encryption

The second step is to ensure that all data on the device is encrypted in a virtually unbreakable way. This can be achieved through the deployment of Self Encrypting Drives (SEDs), and can be allied to the TPM to provide the most robust data protection currently available.

Cost is not an issue as SEDs are now virtually matching the price of other hard drives and the TPM is already installed on more than half a billion enterprise laptops, notebooks and PCs around the world.

Corporate IT management understand the need to control and monitor networks whose periphery continues to expand. This expansion is driven by the adoption of mobile devices, and because each device is different, the logical answer is to deploy an accepted standard for device and user authentication, data encryption and device health that is embedded in the device, but has no effect on device performance.

Step 3: Device health

If the mobile device is secure and difficult to break at its base, the management of the device becomes less complex, and monitoring is both highly effective and relatively simple. Control returns to the network manager and security can be established as a policy.

The adoption of standards also reduces costs. If each mobile device has the same security process, organisations will make substantial savings at every stage of the engagement process, from secure initialisation to decommissioning.

Choice of management software to enable the evolution of the secure IT network is a matter for the enterprise decision-makers. However, a decision must be made this year because the network that supports their business is now mobile, and as a result the risk is greater than ever. However, if the device is secure and trusted, the opportunities for the enterprise to cut costs and effectively manage a robust and highly secure network are substantial.

Joseph Souren leads Wave’s operations in EMEA, where he is responsible for developing the company’s sales, marketing and channel strategy in that region. With nearly 20 years of experience, Joseph has a strong track record for managing sales, marketing, channel and geo operations. He has held management positions at high-growth, NASDAQ 100 companies, including SanDisk, McAfee, and CA Technologies. Most recently, he served as VP of CA Technologies’ Internet Security Business Unit. Joseph has worked with the European Network and Information Security Agency, GovCert, the Platform for Information Security and the International Systems Security Association.