Wave Systems Corp. (fka WAVXQ)

[sciwag]

Ootommy,

Reason for lack of adoption……

I think that Wildman’s post of how SKS answered on the conference call is right on point. It is exactly what I discovered in my conversations with my own company’s IT dept. And I would add the following.

Yesterday, I asked Awk basically the same questions you are asking today. He and other posters responded how easy it is to activate and use/manage TPMs. Since I have neither TPMs nor FDE on either my home desktop or my work laptop, I can’t attest to that ease of use but I am comfortable in knowing Awk and the other posters are correct.

What I struggle with then is the following sentence from this article by Jon Oltsik that Awk posted just yesterday:

“None of the organizations was taking advantage of the Trusted Platform Module (TPM), a security chip that is embedded in all new PCs. Users complain that they like the security functionality but that TPM is simply too complex to roll out to nontechnical users.”

http://news.cnet.com/8301-1009_3-10071297-83.html

I have spoken with my own IT Dept on three separate occasions now about our data security and TPMs and FDE. The first occasion was a year ago and no one in my IT dept had a clue as to what a TPM or FDE was. Six months ago when I discussed it again with them, they knew little more than the first time. This last time I spoke to them (just a few weeks ago) they assured me our laptops and the data contained on them were secure…..without the use of FDE and TPMs. I am pretty sure they are sick of hearing from me at this point. Because of these discussions and others that I have had with several associates and friends who are IT professionals, I have become convinced that the situation has been reduced to what I call “the seat belt effect”.

Some thirty plus years ago (many on this board may be too young to remember this), states did not require occupants of motor vehicles to wear protective seat belts. And even though every car and truck had seat belts (just like every new PC shipping today has a TPM), no one I knew (family, friends, associates) to a person (not one) wore their seat belts. All of us had seen the videos of what happens when you’re involved in an accident and aren’t wearing your seat belt. And all us knew of or had experienced the loss of friends or family members killed in car accidents where the person was ejected from the vehicle, etc. But no one wore a seat belt. It was a mindset that I think everyone in our country shared. We knew we were more secure wearing them but it didn’t matter. We didn’t wear them.

Even when states finally began passing laws requiring all occupants to buckle up, it was probably a good 3 to 5 years before everyone complied. And even then it was only after enough hefty fines for failure to comply were issued by the cops.

Today, I can’t think of anyone I know who doesn’t buckle up when they get in their car. It is now the mindset that everyone wears their seat belt.

I agree with Awk that ultimately TPMs will be activated by essentially every company and consumer. It will eventually become the mindset. But I am less convinced that it is occurring now. Note SKS’ recent email confirming that it is still a struggle getting companies to activate their TPMs and upgrade their security. And I have little doubt that Wildman is correct in that maybe 2-3% (if that) of enterprises are activating.

It is my very humble, nontechnical opinion that TPMs will go the way of the seat belt. Adoption of this technology will continue to be a struggle for Wave and the TCG until state and federal govts pass stronger laws with more and more severe penalties for failure to comply with those laws. It is why I have stated before on this board that I closely follow the postings of Helpfulbacteria and others familiar with the workings of our govt agencies. And, unfortunately, even though many federal agencies (DOD, NSA) are mandating their use and some states are passing laws requiring greater data security as we speak, like the seat belt it will most likely take a few years before compliance is complete.

I sincerely hope I am wrong, but I believe we will once again have to be lawfully forced into being more secure.

Sciwag