Wave Systems Corp. (fka WAVXQ)

[Snackman]

CSL, Here is your link opened. Thank you

Trusted Platform Module (TPM), Trusted Computing & WAVE
Technology Update Add comments
Dec 062010

I was invited to the EU Trusted Computing Seminar last week. It was really interesting and I thought I would give a summary about what it was about.

All organisations who deal with sensitive information should take note of this. One of the major draw backs with information security is you can spend a lot of time and money securing the network with VPN’s, firewalls, encryption etc. but at the end of the day your weak point will be the end user. It doesn’t matter how secure your network is if your end users keep sensitive information locally it’s at risk of falling into the wrong hands. There have been many examples of laptops and portable devices being lost or stolen with critical information on it.

Most hardware vendors today are now including a Trusted Platform Module (TPM) chip in their equipment. The list of vendors who have been supporting this technology for a while is endless. I was however surprised that Apple and Cisco haven’t joined the party. I’m not sure why. I did see companies like Juniper and HP on the list.

This module controls the end device security at the hardware level. It has the ability to store certificates and keys for encryption. Prior to this seminar I thought private software certificates were fairly secure. During the workshops they demonstrated with some simple free tools downloaded from a Google search you were able to export a private certificate and install it on another device.

TPM allows you to move the management of these software certificates to the hardware level. When you try and export the private certificate the TPM won’t allow it. The TPM is also used to encrypt self encrypting disks for example Seagate so that if devices are lost or stolen the information remains secure. The TPM is enabled in the BIOS and even if the disks are removed and placed in another machine the information still can’t be accessed. These are just some of the features of the TPM. The thing is the TPM is just a module and is widely distributed but hardly enabled. It needs something to enable it and drive it. This is where WAVE (http://wave.com/) comes into play. It’s an inexpensive tool to enable and manage the TPM. It has some really advanced features which include being able to lock down USB ports, remotely manage security on devices, and works with other 3rd party applications like Microsoft Bitlocker.

WAVE has been very successful in the US and there’s going to be a big push to introduce this into the public and banking sectors in the UK. It’s very possible that it might even become a compliance requirement in the future.

If you are an IT Manager or Director and looking to refresh your desktops I would strongly urge you to make sure your device has a TPM. The TPM is very inexpensive. I was told it’s basically free so there’s no excuse. The important thing to note is that the TPM can’t be fitted to a device retrospectively. You need to purchase a whole new device. If you are looking at buying new hardware it would be worth checking that it comes with a TPM.

We are going to be working with WAVE to better understand this technology so we’re able to help you as the end customer when the time comes to enable your TPM with WAVE.

I hope this has been helpful. If you have any questions feel free to contact me.

http://www.lifecycle-ps.com/blog/?p=29