The dawn of 5G and the Internet of Things (IoT) era is rapidly approaching, facilitating the design and development of innovative devices with greater capabilities. COVID-19 is further driving this industry at a tremendous pace as companies seek more agility through digital transformation. With anticipation building for this new network of cutting-edge technology to be realized, consumers have ever-mounting expectations as to their personal platforms such as gaming systems, smart home devices and streaming options – including how customizable they are. In order to effectively deliver a tailored experience to each individual user, operators must harvest, store and analyze vast amounts of data – and this is only set to grow with the emergence of the latest tech.
Such expansion of IoT requires an increased range of personal data to be gathered to meet these personalization demands. With a larger, more detailed variety of user data being stored by operators, the value of the information rises, as does the potential for cyberattacks. Thus, it is vital that organizations employ full-coverage security measures to protect their own data and that of their customers, ensuring that they remain reputable and relevant among a sensitive and competitive market.
What most users are not aware of is the fact that effective cybersecurity technology starts with them. As data is encrypted within the operating system and hard drives, many believe their information to be safe from outside influence. However, this is not the case; there are many more preventative measures that are advised to ensure responsible Trusted Computing.
All personal computers – and a growing number of IoT devices – are installed with a Trusted Platform Module (TPM) which protects the user’s data from hackers by not only encrypting it, but also storing the encryption keys within the TPM chip. By failing to properly store these keys so that they are hidden within the system, hackers can easily find and use them to read all personal information stored on the computer. This includes data such as biometric and password authentication, protecting user access to websites and platforms. Superior to generic password manager software due to its larger vault capacity, the TPM can securely store complex keys used to protect passwords, only decrypting the password once it has been submitted from the memory vault. In initiating the TPM, the end-user ensures that the keys are kept hidden, making any attacks by hackers detrimental in their potential payoff versus the effort needed to decrypt the keys from their storage unit.
Self-Encrypting Drives (SEDs) are also an option, offering Opal standard protection across all commercial drives on the market. Usable by any IT department to improve the security of their devices, SEDs harness the ability to continuously encrypt the hard drive without user interference. In sending all data through a Data Encryption Key (DEK) when it is being both stored on the drive (encrypted) and read by the user (decrypted), the data stays constantly protected without any need for interference. This system also offers the option of an emergency hard drive reset – if the data on the drive needs deleting permanently and quickly, the user can command the SED to change the DEK encryption, rendering any data stored via the previous DEK unreadable. The use of this alongside the TPM, which hides these DEKs, makes for better security coverage and stronger layers of protection.
The misunderstanding that security measures take time, money and effort to implement is one of the largest front-line threats, as the reality is that the standardized measures in both personal and corporate computers make them available at the flip of a switch. The risks to sensitive information come with lack of education as to the security resources available at the fingertips of the user, and many crucial settings get overlooked. In terms of organizational enterprises this is an especially important factor, as the data carries monetary value and is stored on an entire network of computers – even more potential gateways into the cloud. SEDs and TPMs provide a readily available form of protection for corporations, thus minimizing the costs of security coverage across entire fleets.
Taking stronger measures
Other, more advanced measures which can be implemented for better Trusted Computing include Integrity Checking and Measurement. By recording the conditions under which the PC normally boots – the software running, the operating system and the drivers – a fingerprint of normal operations can be taken. This baseline is used against all other boots to compare and measure what is normal and abnormal. If anything diverts from this learned norm, it will be detected via these integrity checks and a new fingerprint will be generated to account for the threat (e.g. a virus). This tamper alert will cause the TPM to lock the encryption keys for both the hard drive and password vault within the chip, rather than releasing them, until the threat is cleared. By interrupting the boot, and keeping the keys, attackers are prevented from ever getting into the machine data or reading them out of memory.
This same measurement of device health can also be applied to wider networks. Device Health Attestation allows an administrator to validate the measurements in the TPM and, thus, the health of the device remotely via cloud-based or premises services. If a device is found to be infected, it can be easily quarantined. The benefit of having personal access to device health measurements, as an organization is that as IT admin you can actively monitor your devices to identify which are healthy or infected based on the TPM.
While the TPM won’t prevent devices from getting infected, they will prevent the secured data from going anywhere and keep it out of attackers’ hands by alerting the user to any infection. The TPM works effectively as a baseline protective measure for every PC and IoT device, laying the foundations for additional measures to be introduced and offering readily available resources from which a strong security unit can be built. Without implementing the very systems already ingrained in existing devices, networks are left open to threats such as ransomware, among other viruses. The threat of stolen, re-encrypted or leaked data that companies are then charged to get back is a common attack, and one that is a huge concern as the data vulnerable to extraction is vast and valuable.
The only thing stopping users from implementing the security they have already paid for is knowledge. Knowing how to take advantage of the security resources available is key to protecting both personal and corporate data. With $8 billion lost due to ransomware attacks in 2018, a 79% increase over the previous year, leaving data vulnerable is a dangerous and costly risk. As a result, authorities such as the UK government’s National Cyber Security Centre and leading organizations such as Microsoft are encouraging the proper use of cybersecurity measures and recommend TPM use as a best practice for users.
The industry is still working towards a future which eradicates cyberattacks altogether, making security measures restorative, rather than defensive. New developments currently involve automated recovery features installed within devices, allowing them to automatically detect threats, shut down to protect the data and self-heal, restoring a clean set of software onto itself. This is a promising outlook for the Trusted Computing industry and marks a cutting-edge milestone for next-generation devices. For now, however, we must make utilizing the technology currently existing at our fingertips our own responsibility, and actively contribute to the safety of our own property using software we have already paid for.
*** This is a Security Bloggers Network syndicated blog from Trusted Computing Group authored by TCG Admin. Read the original post at: https://www.cpomagazine.com/cyber-security/no-one-elses-business-crucial-steps-in-achieving-effective-organizational-trusted-computing/