Wave Systems Corp. (fka WAVXQ)

[redau]

By 2007 IT Security to rise to $116 Billion

Sorry, if this has been posted on the board already....

http://www.reed-electronics.com/eb-mag/article/CA481425?industryid=21920

(see article for graphs on quantities)

Processors gets hardened

Security concerns are mandating the enhancement of on-chip protection

Jessica Davis, Electronic News -- Electronic Business, 12/1/2004


Wells Fargo is currently living through a corporate nightmare. Four of its laptops were stolen in October from an Atlanta company that prints loan statements for the bank, and those machines contained the names, addresses and Social Security numbers of an undisclosed number of customers who have mortgages and student loans with the bank.

As of the middle of November, when this issue of EB went to press, there was no record of that information's having been improperly used. But the fact that data can be stolen as easily as a laptop can be swiped has sharpened a growing focus on security that began many years ago when the first viruses that spread via e-mail made sensational headlines.

These days the push toward greater security is being driven not so much by outlaws as by legislation, in the form of laws such as the Sarbanes-Oxley Act. Among the many Sarbox provisions is the requirement for public companies to disclose in their financial reporting if their machines are not secure, according to industry analyst Rob Enderle, principal at Enderle Group, an IT and security analyst firm. Another law driving higher levels of security, he says, is the Health Insurance Portability and Accountability Act (HIPAA), which deals with patient privacy.

Analyst firm IDC has forecast that by 2007, 80 percent of computer security will be hardware- rather than software-based. In addition, the firm says that worldwide spending on security and business continuity will grow twice as fast as IT spending over the next several years, reaching more than $116 billion by 2007 and making it a prime opportunity, particularly for companies in the maturing computing space.

Hardware-based security has been around since the mid-1990s, according to Enderle. But it has been slow to catch on, because no one wanted to pay more for hardware, according to Todd Whitaker, co-general manager of the Advanced PC Division at National Semiconductor

That has led to moves such as National Semi's recent effort to bring Trusted Platform Module (TPM) technology onto its SafeKeeper chip, so OEMs don't have to pay for another chip to implement the hardware-based security. National Semi claims that this can save half the cost of putting it on a separate chip. IBM has committed to using the SafeKeeper chip in all its forthcoming desktop and laptop computers.

The TPM spec was created by an organization called the Trusted Computing Group, founded in April 2003 by companies such as Intel, Advanced Micro Devices, Hewlett-Packard and Microsoft. National Semi is also a member, along with about 80 other companies. The TPM spec is currently implemented in chips from National Semi, Atmel, Infineon and STMicroelectronics.

"We felt that software security in itself was not adequate," says Nancy Sumrall, chairwoman of the marketing group at TCG and an Intel employee. "Software and hardware working together provide a much better level of security—one not as easily breakable or hacked into as with software alone."

Those close to the standard say that it provides a strong chain of trust from the software all the way down to the hardware level. The spec was designed so that TPMs from one vendor are interoperable with TPMs from another. The latest update is version 1.2, which multiple members have promised to adopt.

Companies are looking to hardware for security to fortify the protection already offered by software. "Secure layers of software must be built on something beneath them that is also secure," adds Whitaker. "You cannot trust what your application is telling you if your OS has holes in it."

Technologies implemented in hardware help protect against particular threats to which software is vulnerable. For example, at its recent annual meeting of shareholders, National provided a demo showing how a hacker can pull down tools readily available on the Internet to decrypt a software-based private key. By putting that key into hardware instead, TPM moves it to where hackers are less able to reach it.

Intel's Sumrall explains, "If you try to pry that chip off the motherboard, it totally erases itself," rendering it useless and the data inaccessible. This type of security can protect the data on laptops, so that thieves will not be able to access any of it.

Such hardware-based security efforts will not be limited to PCs. Trusted Computing has created a working group to look at security for servers,, cell phones and similar devices. Any device that is running software and trying to access the Internet should be a trusted platform," says Whitaker.