Hardware outshines software for security

  Lenovo started shipping PCs with them in 2003. Dell and Hewlett-Packard began to do the same in 2005. Even Macs come with them. Today, Steven Sprague, CEO of Wave Systems Corp. in Lee, Mass., estimates that more than 150 million PCs and laptops are equipped with the Trusted Platform Module (TPM) microprocessor, which stores data encryption keys used to scramble information stored on the device as well as provide authentication services for system users. Next quarter Intel will begin shipping TPM as part of its new chipsets going forward. Given the momentum behind TPM, Sprague argues, "There's no excuse any more for organizations to overlook it." One of the barriers, he says, is the corporate IT department, which needs to be educated about the benefits of using hardware (the TPM chip) to secure your computers. First and foremost, he points out, "You can't hack hardware." That is, malware writers won't be able to write code that can filch the decryption algorithm from a TPM chip or fake being the user. If they don't literally type the user's pin or passcode, they can't access the machine. For IT, the near-term security advantages are significant. Without making any new investments, Sprague claims, IT departments can "write 10 lines of code" so networks accept authentication certificates from TPM machines; as such they will no longer have to maintain occasionally flakey VPN clients and infrastructure. He's baffled why IT continues to depend on software to secure its data and network access. "Software for security has pretty much failed us," he concludes.