Cyber security is a subject that’s been on everybody’s lips so far in 2012. It’s the latest business battleground and an international issue that’s rarely out of the headlines. Cyber-crime is an ever-present threat to companies and one that’s estimated to cost the global economy $1 trillion a year – almost 1.75% of global GDP.
Businesses are understandably concerned, and it’s a threat that William Hague, UK Foreign Secretary, has described as “alarming” and “a rapidly multiplying set of challenges in cyberspace on government and institutions”. But whilst it’s clear governments understand the issue at hand, what are they actually doing about it, and what does this mean for your organisation?
Governments are deploying both the carrot and the stick in their efforts to get to grips with the growing threat of cyber-crime. Around the globe they are updating their data protection and compliance laws, which will mean that all organisations must not only protect data on their IT systems, but also prove that they have made the best efforts to do so.
Perhaps the most publicised of these updates came in January when the EU announced its new data-protection regulations, a mandate that affects every company and organisation both inside the European Union and across the world.
When these regulations come into force, companies will for the first time need to show proof of compliance, and that means having in place an effective reporting process that demonstrates in detail the network security and data protection methods in action. This move to mandatory reporting and full compliance means that companies can now face substantial fines and other sanctions if data breaches occur, and they will have only 24 hours to act.
The problem is that most companies in the UK and on the Continent still rely on data protection policies and technologies that are as dated as Europe’s 16-year-old regulations. The aim behind the new policies is to drive companies to review and upgrade their security, compliance and reporting processes.
Whilst the stick is undoubtedly attempting to whip companies’ cyber-security into shape, governments are also dangling a carrot by throwing their weight behind new technologies and security systems designed to tackle the ever-evolving threat of cyber-crime.
One thing that’s clear is that traditional software-based security is failing to assure the integrity and security of our IT infrastructure, so a new solution is needed to meet the new threat landscape that systems face. Government support suggests that solution may involve moving inside the device to secure the very hardware itself, based on the in-built security provided by the Trusted Computing Group standards.
The base of Trusted Computing is the TPM hardware chip, a security solution that is already included in more than half a billion devices, and yet most companies aren’t using it. TPMs are attached to a computer’s motherboard and establish automatic and transparent authentication of known network devices and users; and, because the TPM chip is physically part of the device, it’s uniquely suited for creating and verifying strong device identities and ensuring only authorised access to networks.
It’s perhaps no wonder then that the Trusted Computing open standards on which the TPM is based have gained the support of the US and UK governments. Indeed, the Information Commissioner’s Office and the Cabinet Office have been actively promoting the benefits of Trusted Computing as a solution to the growing threats that British businesses face in terms of data protection.
The Trusted Computing standards involve companies utilising the TPM as well as adopting SEDs, or Self-Encrypting Drives, as part of their enterprise-level protection. The benefits are trusted device interoperability on the network, substantially reduced costs of device management, clear control of data storage, and absolute control over hard-drive decommissioning, which is another major cost saving.
Trusted Computing is also essential as organisations move beyond the firewall. This device-based security solution offers unmatched protection, particularly for modern-day organisations whose workforces and devices are mobile and no longer stay within the safety of the firewall. It will also play a key role as organisations continue to move towards the cloud and prepare to face the unique security challenges that this evolution in IT infrastructure will present.