When Intel Corp. announced its acquisition of McAfee Inc. last week, the silicon giant said it would help boost its strategy of integrating security into its chips. But analysts and experts say the technology has a long way to go before it will gain widespread adoption in the enterprise.
A large percentage of [TPMs] are not being used today, but there's been a strong emphasis on getting enterprises to start using these for network access.
directorTrusted Computing Group
Like its chief competitor, Advanced Micro Devices Inc., Intel manufactures chips that support the Trusted Platform Module (TPM). The tiny chips are built into many PC motherboards with the goal to improve security by acting as the device's sole key and identity repository. With more than 300 million TPM chips deployed today, only a tiny fraction are enabled, admits Brian Berger, director of the Trusted Computing Group (TGC), the organization that produces open standards for the TPM.
"A large percentage of [TPMs] are not being used today, but there's been a strong emphasis on getting enterprises to start using these for network access," Berger said. "There's been a gap, but we're finally seeing full penetration of TPM within organizations."
When the $7.7 billion acquisition of McAfee was announced, Intel executives signaled that it could integrate some of the security vendor's technology into its Atom processors used in netbooks, smartphones and consumer electronics, such as televisions. The announcement was seen as a boon to hardware security advocates like Berger, who say the technology makes identity management and authentication more efficient and further locks out attackers from gaining access to the network.
"Security is as applicable in the data center and PCs as it is in embedded and other Internet-connected devices, even cars that might be connected," said Renee J. James, senior vice president and general manager of Intel's Software and Services Group, on a conference call with analysts and media last week.
TCG's Berger, who is also executive vice president of sales and marketing for Lee, Mass.-based Wave Systems Corp., a firm that makes software which uses TPM technology, said Intel helped broaden the scope of how hardware-based security could be used.
"I think it's an endorsement of hardware and software working together to provide enhanced security in areas where it's difficult," Berger said. "Intel articulated the value proposition around hardware security and software to enable that."
Still, some analysts were left scratching their heads over the Intel acquisition. Mike Rothman, analyst and president of research firm Securosis LLC, said he doesn't see any enabling technology from McAfee that would help Intel move forward with its strategy of integrating security into its chips. Pete Lindstrom, a research director at Spire Security agrees.
"I'd be shocked if there is any kind of migration of software that has any kind of effect on enterprises other than POS and invoices, say Intel instead of McAfee. At least in the near-term," Lindstrom said. "Intel's story has always been Intel inside. This is Intel going outside and it's not clear to me that Intel has any more robustness and go-to-market resources to better compete with Symantec and others in this market."
Intel may also look at ways to merge its vPro platform into McAfee's ePolicy Orchestrator (ePO), the security firm's centralized security management and reporting console. Intel's vPro platform brings together a hardware management console for remote management energy efficiency and security.
Hardware security in the future
Microsoft's BitLocker drive encryption uses TPM chips to protect data in Windows Vista and Windows 7, and has been responsible for much of the current use of hardware-based technology. One of the biggest users of TPM chips, highlighted at the Trusted Computing Group's website is Dedham, Mass.-based pizza chain Papa Gino's Inc. The company's use of the hardware-based security is limited, but one of the benefits gained is in key management, said Chris Cahalin, director of network operations and information security at Papa Gino's.
"We do use TPM's for simple things like hardening digital certificates (email and VPN) and protecting online ID's generally," Cahalin wrote in an email message. "Some folks use the persistent data protection aspects in combination with their full disk encryption solutions for protecting personal data even when the drive is unlocked."
Cahalin said he thinks the Trusted Network Connect technology holds promise for various cloud computing scenarios. The technology, analogous to the network access control solutions of a few years ago, uses TPMs to verify the status of machines before they connect to a network regardless of what platform is running on the device.
Gartner's Henry said another emerging area for hardware-based security is around virtualization. RSA, the security division of EMC Corp., Intel and VMware unveiled a proof-of-concept in May, demonstrating the use of Intel's new Westmere processor in creating a "base root of trust" in virtualized environments. The concept authenticates the boot sequence, verifying configuration settings, initializing the BIOS and launching the hypervisor and then authorizing guest machines. Microsoft is also designing a similar concept called the Next-Generation Secure Computing Base, which uses Windows and hardware to support security and privacy protection.
"In theory, I like the idea. It's necessary, but not efficient in protecting the computing environment, because we see so much evidence of attacks moving up the stack," Henry said. "With phishing, it doesn't matter if you're running a secure OS."