Security is big business these days, and hardware vendors know it. As a result, many hardware vendors have begun to build security features directly into their devices, giving them out-of-the-box capabilities that are often unexplored or overlooked.
One of the best examples of this phenomenon is the Trusted Computing Group's Trusted Platform Module (TPM) 1.2, a set of specifications that enables vendors to add a "security chip" microprocessor to any PC. TPM 1.1 chips made by vendors such as Atmel, Broadcom, and Infineon have become standard issue on most PC hardware, but PCs that use TPM 1.2 only began shipping in the first half of this year.
Companies that have begun using TPM packages, such as Wave Systems' Embassy Trust Suite 5.1, are giving it a thumbs up. "Using TPM and Embassy Trust Suite has made a huge difference in the way we administer security," says Chris Cahalin, network manager at Papa Gino's, which operates some 400 restaurants throughout New England. "It's not only made our client machines and files more secure, but it's given us a lot more control in IT."
ETS 5.1 is a set of security tools and applications that leverage TPM chips to encrypt files, folders, and passwords on a laptop or PC, leaving the key only in the hands of the end user and the IT department. The keys can be given out in the form of smart cards, or the user can be authenticated via biometrics or digital certificate.
The net result is that users of TPM 1.2 and ETS 1.1 can lock their hard drives, folders, and files with encryption that only the authorized user can decrypt. A thief can't read any of the files on a stolen TPM laptop, and even users inside the company can be locked out of sensitive files on any end station.
Although most new PCs have TPM, many enterprises have yet to turn on its functionality, concedes Steven Sprague, president and CEO of Wave Systems. "I would encourage every enterprise to take a few of their new PCs into the lab, turn on this technology, and see what it can do," he says. "It'll change the way they look at end-user security."
Most experts see TPM as a boon for enterprises because it is a standard that works uniformly across vendors and PC models. But they are more wary of proprietary built-in security capabilities that are now being added to consumer-oriented machines.
Over the last few weeks, PC hardware vendors have been rolling out security technology at a rapid rate. On Nov. 1, Hitachi Global Storage Technologies announced that it will offer optional hardware encryption on all of its new 2.5-inch disk drives, which are expected to ship at a rate of a million units per quarter in early 2007. That announcement came on the heels of new drives from Seagate Technology, which will not only offer hard drive encryption but also multi-factor authentication options that would make it impossible for unauthorized users to access any data on the hard drive. (See Built-in Headaches.)
Experts say these built-in technologies -- as well as built-in biometrics from PC vendors such as Lenovo -- are good for consumers, but they may conflict with encryption and authentication policies and technologies that enterprises already have in place.
"Built-in security items will cause IT department headaches," says Richard Stiennon, founder of IT-Harvest, an IT consulting firm. "The enterprise would have to standardize on the new Seagate drives or be looking for hard drive encryption help for particular projects." As a result, many IT organizations will probably forbid the use of the new security technologies, Stiennon says.