Today, with increasing electronic communications and transactions, trust in the hardware used for these purposes has never been more important. To establish and ensure trust, the U.S. and other governments around the world have taken advantage of the trusted hardware and process for establishing trust that leading technology companies have developed through a not-for profit organization, called the Trusted Computing Group (TCG).

TCG’s hardware-based root of trust process relies on open standards — not proprietary processes. It starts with a Trusted Platform Module or TPM. Typically a secure cryptographic integrated circuit inside an enterprise-grade computer or server, the TPM is an integral part of these units and has been installed in over half a billion end products.

The hardware-based root of trust is a significant improvement over software-only protection schemes, since software is vulnerable to the same attacks from the malware that it attempts to thwart. In contrast, the more robust hardware-based TPM approach can manage user authentication, network access, data protection and more. The root of trust has a minimum set of functions to establish the trustworthiness of the host platform. Attestation or vouching for the accuracy of information, as well as authentication, or proof of identity, are among the tasks enabled by the root of trust established by the TPM.

With the TPM, users can set passwords and store digital credentials, including passwords in a hardware-based vault. The TPM can manage keys and can be used in conjunction with self-encrypting drives to restrict access to sensitive data.

The TPM has progressed from its first level over 10 years ago to the TPM 1.2 version today. The TPM and its associated specifications were designed to provide a high level of security to Commercial Off-The-Shelf (COTS) and other products used by government agencies.

As part of its High Assurance Platform (HAP) Program, the National Security Agency (NSA) uses the TPM in a virtualized approach to run multiple secure environments. Today, almost all computers acquired by the Department of Defense (DoD) are required to include a TPM.

This advanced level of trust and security has prompted the National Security Agency (NSA) to sponsor two Trusted Computing Conferences and Expositions. The most recent conference was held September 20-22, 2011 in Orlando, FL. In addition to demonstrating current successes from the use of the TPM in national security programs, presenters discussed the necessity to take these efforts even further.

Taking advantage of a hardware root of trust

In its as-delivered condition, the TPM in computers, servers and other products are in a ready-state to be activated. For government, business entities or individuals to obtain the improved security that the TPM offers, it simply requires security policy processes to be followed. This process is usually described in the operation manuals for the equipment, and is easy for trained information technology personnel to implement.

Once activated, the TPM provides increased security through linkage to other TCG specifications that have been developed for networks, such as the Trusted Network Connect (TNC) and self-encrypting drives (SEDs).

TNC provides trusted network access for fixed and remote mobile devices used enterprise-wide, so authorized users can safely interact with network systems. The National Institute of Standards and Technology (NIST) and the Trusted Computing Group (TCG) worked together to integrate Security Content Automation Protocol (SCAP) developed by NIST and TNC standards developed by TCG. The combination provides a powerful automated compliance and network access and enforcement tool set. The use of SCAP’s ability to manage the security integration of devices, including desktop PCs, servers, laptops and more, with TNC’s complementary set of network capabilities provides users a level of security that was very difficult, expensive or impossible to deliver previously.

TPM used with the newest self-encrypting drives (SEDs) can take the encryption security to a higher level. While a TPM is not required for users to benefit from the automatic encryption that an SED provides, the TPM can prevent unauthorized access to the network or computer systems. Microsoft has step-by-step instructions for enabling and using the BitLocker disk encryption leveraging the TPM included in Windows Vista and Windows 7.

Extending TPM security

With TPM-based security readily available to protect computers and servers, the transition is already well underway to use mobile devices including smart phones to access the restricted information in government and other networks. TCG’s Mobile Trusted Module (MTM) is a secure element and specification developed for use in mobile and embedded devices. The market requirements for these wireless devices dictate a reduced feature set from the traditional PC TPM developed for a wired computing environment, but can work cooperatively with TPMs in other devices for complete system security. The effort to develop the complete functionality required for mobile trust continues with the ongoing development of MTM 2.0. With these specifications, network service providers, third-party service providers and end-users all benefit from establishing trustworthy behavior.

TCG’s recent formation of an Embedded Work Group will provide additional tools to embedded system developers. With these specifications, devices that are increasingly connected to the Internet can benefit from the same approach to security that TCG has provided to computer, servers, drives and networks. With this protection, embedded devices can avoid becoming the weak link entry point for network malware.

Moving forward

The supply chain realizes the importance of hardware-based security and continues to embrace TPM technology with implementations in hardware and improved software and services. Upcoming Windows’ releases from Microsoft are anticipated to require TPM. As self- encrypting drives continue to proliferate that also take advantage of the TPM, Microsoft is just one of the examples that can be cited.

Acceptance of improved TPM-based trustworthiness by U.S. Government agencies has been demonstrated as well. With NIST and TCG’s initial collaboration viewed as quite successful, expanded use of SCAP and TNC technologies can be expected.

While there are few guarantees in life, one thing is for certain, a non-activated TPM cannot deliver the added security it was designed for. So, the admonition to government as well as business organizations is: let’s use what we own, turn on the TPM and use it.

Source:http://www.gsnmagazine.com/node/26405?c=cyber_security

The strengthening U.S. dollar and slightly higher spending last year on hardware, software, and services as well as a reduction in projected spending by companies have combined to make Gartner revise its IT spending expectations for 2012 downward a bit.

Here’s the deal. Gartner reckons that IT spending was a little bit stronger in 2011 than its projections earlier this year pegged it, with sales of $3,661 billion worldwide across all categories of IT spending, including computing hardware, enterprise software, IT services, telecom hardware, and telecom services. In January, just after 2011 had ended but before many of the IT giants had reported its financials, Gartner said worldwide IT spending would be around $3,644 billion. So that’s an extra $17 billion, and that makes for a tougher compare now for whatever projections Gartner had for 2012.

On top of this, says Gartner, the greenback is getting stronger against other currencies. If you look at IT spending in local currencies and convert it to the prevailing dollar-local currency ratio at the end of 2011, then worldwide constant dollar spending on all stuff IT would rise this year by 5.2 percent, instead of the 4.2 percent that the economists at Gartner had been predicting in January. Such a comparison tells you how well everything is in local economies, but the biggest IT players are located in the United States, and they have to bring that money back here as dollars to count it and pay taxes. And when the dollar gets stronger, it means less of a revenue bump.

Finally, Gartner now says that companies will be spending a little bit less on IT stuff, particularly services.

Add all of these effects up, and IT spending growth is pegged at 2.5 percent for 2012 instead of 3.7 percent from the January projection. That’s a lot cooler growth than the 6.8 percent seen in 2011, obviously, and while there is not a direct link between global IT spending and our own pay rates here as employees in the IT ecosystem, there is some correlation going on, generally speaking.

Spending on computer hardware is now expected by Gartner to rise by 4.3 percent, to $421 billion, and enterprise software will grow even more, up 5 percent to $280 billion. IT services is cooling, with only 1.3 percent growth, to $856 billion. (Look at the ratio of hardware, software, and services. Do you think hardware is the problem, or services? I know what my answer is. . . . ) Telecom equipment spending will hot $472 billion in 2012, up 6.9 percent, if Gartner is right, but we are all going to try to cut back on the data and voice bills, with telecom services spending only rising 1 percent, to a whopping $1,721 billion.

Source:http://www.itjungle.com/tfh/tfh042312-story06.html