During the last few weeks I have received a large number of press releases issued by Wave Systems. Reading the headlines, my impression was that this is just another vendor oversimplifying security. Headlines like “Change the status quo of security: Just switch on” caused that impression, given that behind these headlines you usually find a tool vendor with limited capabilities and big claims who tries to sell a little piece of software as the holy grail of IT security.
So I thought about using these examples as a starting point for bashing a little on that type of vendor. However, after reading beyond the headlines, I found an interesting story. Wave Systems is heavily promoting the active use of TPM chips, a security chip built into a very large number of PCs, notebooks, and other computing devices. Wave mentioned that 500 million TPM chips have been delivered so far. One technology that makes use of the TPM chip is Windows BitLocker, a built-in encryption technology in Windows. However, few users have BitLocker activated. In other words: There are hundreds of millions of devices out there which could be secured far better than they are. Interestingly, Apple built-in TPM chips between 2006 and 2009 and then stopped doing that.
TPM (Trusted Platform Module) is an industry-standard technology which allows to securely store sensitive information on a chip. It’s a very secure technology and it can be used for different use cases, beyond the encryption keys for the hard disk. The problem simply is that it is rarely used. BitLocker isn’t used by default. That is no surprise as most of the TPM hardware came out after the release of Windows Vista, the first version with BitLocker support.
Thus, I find the approach of Wave Systems to offer security solutions which make use of the TPM technology interesting – even more, because they also offer a product for managing BitLocker. Thinking about TPM as a central element in your security strategy makes a lot of sense, because that’s the built-in HSM (Hardware Security Module). So you should have a look at TPM (or look again, if you had one before).
Sometimes it really makes sense to read more than the headlines, especially if the headlines make you wonder. In the case of Wave Systems it was definitely worth to dive in a little deeper.