Laptops have long been viewed as a major vector for incoming threats such as viruses, malware and worms; organizations are now also coming to see them as a primary weakness in the fight against the theft, loss and misuse of information. The trouble with mobile devices is that they make your data mobile too, which is the last thing you want for data security. Every night critical, sensitive data leaves the confines of the organization, crossing the firewall and network defenses on the hard drives of laptops stashed in briefcases.
With the launch of Microsoft's new operating system, Vista, endpoint data security will harden significantly – and that's not just a metaphor. Encryption is the gold standard when it comes to protecting sensitive data. It's the last line of defense when all other security measures fail. But until recently the encryption keys themselves have not been sufficiently protected on PCs. Vista changes that situation.
Vista is the first mainstream operating system to ship with built-in support for Trusted Platform Module (TPM) hardware, through its BitLocker drive encryption. A TPM stores the keys that underpin encryption in a tamper-resistant hardware environment, which is far more secure than storing them in software. A key kept in software is easy to find: unlike almost everything else on a disk or in memory, which has some underlying structure to it, an encryption key is a short run of uniformly random bytes, and that randomness makes it stick out like a sore thumb on an entropy scan. Once located, the key can be copied and used to decrypt the very data that encryption was supposed to protect.
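To make the point concrete, here is an added example (not code from the article) of the kind of entropy scan that finds software-stored keys; it follows the approach the author and Adi Shamir described in 1999 in "Playing hide and seek with stored keys". The image it scans is constructed inline: ordinary text with a hypothetical 32-byte key dropped in at a chosen offset, the key bytes being derived from SHA-512 of a fixed label as a deterministic stand-in for random key material.

```python
"""Sliding-window entropy scan for key material in a memory or disk image.

Added example, not from the original article. Key bytes are uniformly random,
so their Shannon entropy is far higher than that of the code, text and
structured data around them. The sample image below is constructed inline.
"""
import hashlib
import math
from collections import Counter


def shannon_entropy(block: bytes) -> float:
    """Entropy of the byte distribution in `block`, in bits per byte (0.0 .. 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def find_high_entropy_regions(image: bytes, window: int, step: int, threshold: float):
    """Return merged [start, end) ranges of windows scoring at or above `threshold`.

    A 32-byte window cannot reach 8.0 bits/byte: 32 random bytes score about
    4.6-5.0, while 32 bytes of English text score roughly 3.5-4.1, so a cut at
    4.3 separates the two with margin on either side.
    """
    regions = []
    for off in range(0, max(len(image) - window, 0) + 1, step):
        if shannon_entropy(image[off:off + window]) >= threshold:
            if regions and off <= regions[-1][1]:
                regions[-1][1] = off + window          # overlaps the previous hit: extend it
            else:
                regions.append([off, off + window])
    return [tuple(r) for r in regions]


def locate_key_candidates(image: bytes):
    """Scan with parameters tuned for 32-byte (AES-256 sized) keys."""
    return find_high_entropy_regions(image, window=32, step=8, threshold=4.3)


# Constructed sample: ordinary low-entropy text with a hypothetical key dropped in.
FILLER = b"The quarterly report is stored on this laptop. " * 10
SAMPLE_KEY = hashlib.sha512(b"stand-in for a random 32-byte key").digest()[:32]
KEY_OFFSET = 192   # a multiple of the scan step, so one window lines up on the key exactly


def build_sample_image() -> bytes:
    return FILLER[:KEY_OFFSET] + SAMPLE_KEY + FILLER[KEY_OFFSET:]


if __name__ == "__main__":
    for start, end in locate_key_candidates(build_sample_image()):
        print(f"candidate key material at bytes {start}-{end}")
```

On a real image the scan produces false positives on compressed or already-encrypted data, which is equally random; a practical scanner follows up each candidate by trying it as a key against known ciphertext, which is what makes a software-resident key exploitable rather than merely visible.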
When the key is protected by a TPM, however, it is safe from anyone trying to ferret it out through software manipulation. During boot the firmware, boot sector and boot loader are measured into the TPM's platform configuration registers, and the disk key is sealed to those measurements: if any of the early boot code or the machine configuration has been modified, the measurements no longer match and the TPM refuses to release the key. Furthermore, since the sealing key never leaves the TPM, moving the hard drive to another machine does the attacker no good at all; the key is unavailable there and the attacker sees only random encrypted data. Administrators can also require a PIN at boot or a startup key stored on a USB stick in addition to the TPM for enhanced security. With a TPM, if a CFO inadvertently leaves her laptop behind in a cab, everything is encrypted and the keys are safe, so there is a greatly reduced danger of losing corporate secrets to an unscrupulous competitor.
Storing server keys in dedicated hardware is not new and in fact has long been best practice for security-conscious organizations such as online retailers, banks and government agencies. Nevertheless there has been an open question within the IT community over whether this level of security around key management is justified for more mainstream organizations. Microsoft's endorsement of hardware protection for keys on mobile and desktop devices goes a long way towards ending that debate.
Leading computer manufacturers have been shipping machines equipped with TPMs for well over two years. IDC forecasts that more than 75 percent of new PCs sold in 2007 will include a TPM chip, even though until now mainstream software could not easily take advantage of the feature. The launch of Vista unleashes the security potential of these latent TPMs, but unless organizations develop a system for delivering, archiving and retiring keys in a systematic and secure fashion, IT staff will quickly become overwhelmed and data could be lost, bringing crucial business processes to a halt. If IT administrators think they have headaches managing passwords now, imagine what will happen when the organization starts encrypting all the data on its hard drives.
Archiving is a crucial part of the equation. For instance, let's say that the same CFO, rather than losing her laptop, finds that it has broken down. Now the issue is not one of security but of recovery. The last time her machine stopped working, IT simply popped out the hard drive, moved it to a new machine and she was up and running in minutes. This time the situation is different. The data on the drive is encrypted and therefore useless without the key, which is still sealed inside the TPM of the old and now broken machine. The same thing happens, by design, after a firmware update, a motherboard replacement or any other change to the measured boot chain. This shows that without a reliable archive of recovery keys, encrypting the hard drive is just one misstep away from shredding all one's data.
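The sealing behaviour described in the TPM paragraph above and the recovery situation described here can be seen end to end in the following added example. It is a simulation written for this page, not code from the article, from Vista or from any TPM vendor: a random per-chip secret stands in for the Storage Root Key, the boot components and the recovery password are constructed, and the wrapping cipher is an HMAC-SHA256 keystream with an encrypt-then-MAC tag rather than the TPM's own RSA wrapping. The PCR extend rule is the real TPM 1.2 one, and the volume key is protected twice, once sealed to the TPM and once under a recovery password, which is how a broken machine stays recoverable.

```python
"""Toy model of a TPM-sealed disk key with a recovery protector.

Added example, not code from the article or from Vista. A volume key is
sealed to the PCR values produced by a measured boot and, separately,
wrapped under a recovery password for escrow. Hypothetical parts: the
per-chip secret standing in for the Storage Root Key, the boot components,
the recovery password, and the HMAC-based wrapping cipher.
"""
import hashlib
import hmac
import os


class UnsealError(Exception):
    """Raised when the PCR state or the chip does not match a sealed blob."""


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; the same call encrypts and decrypts."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def _wrap(key: bytes, secret: bytes) -> dict:
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, secret)
    return {"nonce": nonce, "ct": ct, "tag": hmac.new(key, nonce + ct, hashlib.sha256).digest()}


def _unwrap(key: bytes, blob: dict) -> bytes:
    tag = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise UnsealError("wrapping key does not match this blob")
    return _xor_stream(key, blob["nonce"], blob["ct"])


class ToyTPM:
    """A chip-bound secret plus 24 SHA-1 PCRs that only change by extension or power-on reset."""

    def __init__(self):
        self.srk = os.urandom(32)          # stand-in for the Storage Root Key; never leaves the chip
        self.reset()

    def reset(self):                       # power-on: every PCR returns to zero
        self.pcrs = {i: bytes(20) for i in range(24)}

    def extend(self, index: int, component: bytes):
        digest = hashlib.sha1(component).digest()  # TPM 1.2: PCR = SHA-1(PCR || SHA-1(component))
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()

    def _policy_key(self, indices) -> bytes:
        composite = hashlib.sha256(b"".join(self.pcrs[i] for i in indices)).digest()
        return hmac.new(self.srk, b"seal" + composite, hashlib.sha256).digest()

    def seal(self, secret: bytes, indices) -> dict:
        blob = _wrap(self._policy_key(indices), secret)
        blob["pcrs"] = list(indices)       # the blob records which PCRs it is bound to
        return blob

    def unseal(self, blob: dict) -> bytes:
        return _unwrap(self._policy_key(blob["pcrs"]), blob)


# Constructed boot chain: (PCR index, component image) pairs; all hypothetical.
BOOT_CHAIN = [(0, b"firmware 1.0"), (4, b"MBR"), (8, b"NTFS boot sector"), (10, b"bootmgr 6000")]
TAMPERED_CHAIN = BOOT_CHAIN[:-1] + [(10, b"bootmgr 6000 + keylogger")]
SEALED_PCRS = [0, 4, 8, 10]
RECOVERY_PASSWORD = "123456-654321-112233-445566-778899-998877-665544-332211"  # constructed


def measured_boot(tpm: ToyTPM, chain):
    tpm.reset()
    for index, component in chain:
        tpm.extend(index, component)


def recovery_protector(secret: bytes, password: str) -> dict:
    """Escrow copy of the key, wrapped under a password-derived key for a directory or printout."""
    salt = os.urandom(16)
    blob = _wrap(hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000), secret)
    blob["salt"] = salt
    return blob


def recover(blob: dict, password: str) -> bytes:
    return _unwrap(hashlib.pbkdf2_hmac("sha256", password.encode(), blob["salt"], 100_000), blob)


def attempt(fn, expected: bytes) -> bool:
    try:
        return fn() == expected
    except UnsealError:
        return False


def run_scenarios() -> dict:
    """Exercise the situations the text describes; report which ones release the volume key."""
    vmk = os.urandom(32)                   # the key that actually encrypts the volume
    tpm = ToyTPM()
    measured_boot(tpm, BOOT_CHAIN)
    sealed = tpm.seal(vmk, SEALED_PCRS)    # stored on disk beside the encrypted volume
    escrow = recovery_protector(vmk, RECOVERY_PASSWORD)

    measured_boot(tpm, BOOT_CHAIN)         # ordinary reboot, untouched boot chain
    normal = attempt(lambda: tpm.unseal(sealed), vmk)
    measured_boot(tpm, TAMPERED_CHAIN)     # boot loader replaced on disk
    tampered = attempt(lambda: tpm.unseal(sealed), vmk)
    other = ToyTPM()                       # drive moved to a different machine
    measured_boot(other, BOOT_CHAIN)
    moved = attempt(lambda: other.unseal(sealed), vmk)
    recovered = attempt(lambda: recover(escrow, RECOVERY_PASSWORD), vmk)   # TPM dead, escrow used
    wrong = attempt(lambda: recover(escrow, "000000-" * 8), vmk)

    return {"normal_boot": normal, "tampered_bootloader": tampered, "drive_moved_to_other_pc": moved,
            "tpm_dead_recovery_password": recovered, "tpm_dead_wrong_password": wrong}


if __name__ == "__main__":
    for name, released in run_scenarios().items():
        print(f"{name:28s} key released: {released}")
```

The recovery protector is what an Active Directory backup of recovery passwords provides: the volume key is obtainable without the original chip, but only by whoever holds the escrowed password, so the escrow store needs the same access controls and audit trail as the keys it protects.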
Vista will go a long way towards increasing the security of data stored on mobile and desktop devices, and features within Active Directory can help with key recovery. It is anticipated that third parties will provide more advanced tools for enterprise key recovery to further simplify the task for IT departments in providing laptop security. The combination of TPM chips and BitLocker drive encryption in Vista firmly reinforces the best practice of storing cryptographic keys in hardware. But with power comes responsibility. Unless organizations spend the time and effort required to develop a robust process for managing encryption keys, they may find that instead of making the organization more secure they have hurt the business' ability to get work done.
-Nicko van Someren is CTO of nCipher.