What is TPM, and what does it do?
The TPM as a concept was developed by the Trusted Computing Group (TGC) and then standardized by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2009. The most recent revision of this standard is 2.0 and covers the architecture, structures of the TPM, commands, and supporting routines.
TPM is meant, as a whole, to provide cryptography for various uses, a random number generation capability, and remote attestation to attest to the unchanged hardware and software configurations on the system.
The TPM itself also contains a special code called an Endorsement Key (EK) burned into the module, so the TPM can’t be changed. This code ensures that the TPM can’t be forged, which is the basis for the module being trusted. Once the TPM is confirmed, then the other parts and components of the system can be verified from information on the TPM or created by it.
Encryption is another important facility of the TPM as it allows the system to protect data using (in 2.0) SHA-1, SHA-256, RSA, ECC, and other cryptography algorithms. These algorithms enable the use of public-key cryptography so that you can add a key to your external and internal communications, as well as for other uses.
How will this Affect You?
If you or your organization intend to upgrade to Windows 11 or install systems/servers that use it, you will be required to have a TPM installed. If your systems do not have a TPM, then at the moment, you will not be able to use Windows 11. Although there is some talk about ways to get around this requirement, we have not seen a proof of concept.
Another piece to remember about TPM is that if you want the full functionality of its capabilities, you will have to have an IT and cybersecurity staff trained and skilled in implementing those capabilities. They might be able to use some of the functionality without that training. Still, it will probably be poorly set up and potentially offer less protection and usability. You will also take a chance that a poor implementation will reduce security overall rather than improve it.
The training of your personnel will be a financial burden, but the end result is a more secure work environment and data. Without your data, you probably wouldn’t be able to continue operating, so it is an investment in your organization’s future.
Adverse effects related to upgrading to a system or server with a TPM might include:
- Inability to use in-house software created specifically for your organization
- Having to upgrade or update other hardware and software to meet the requirements of the new hardware configuration
- Cost of training new personnel to install, update or use the TPM and associated software and capabilities; hiring new personnel
- Purchasing new hardware and recycling old in a secure manner
The questions that must be answered are those that are related to your organization’s requirements for the new OS or system, whether they fit the organizational technology planning, and any return on investment (ROI). Taking the time to make sure all these and other questions are answered thoroughly and accurately is part of doing business.
What should you do
As with any new system or software, validate the usability and security before bringing it into your working network. Check compatibility, both with existing systems and with your present software library. If there is a need to change either, it is better to find out before you bring these items online, as doing so afterward is almost always more expensive and time-consuming.
Ensure that the pre-existing hardware that you keep in-house can interact with the new systems, allow them to communicate externally as needed to verify components and software and that the systems are physically protected from tampering in their location. Servers should be secured in server rooms, behind access controls such as key/digital locks and multiple doors.
Update as needed, but only after checking that your systems won’t break when the update is installed or that other software packages won’t be affected adversely. Keeping your systems and software up to date is a significant component of your cybersecurity program, so this shouldn’t be an issue.
Northstarr Recommendations
Bringing in new equipment, software, hardware, or personnel is always a burden, no matter the business or need. Ensuring that you aren’t investing in something or someone that isn’t required, or might be too expensive to allow a measure of profit, can make or break your business plans for the future.
Allow us at Northstarr System Solutions to apply our expert skills and knowledge to the problem of making sure you attend to only those investments and upgrades that are important and valuable.
Consider moving your infrastructure to the cloud. Infrastructure as a service (IaaS) obviates the need for physical infrastructure on-premises. We can help you consider your options and develop a plan to get your business running smoothly on the cloud platform of your choice.
Visit us at our website for more information, or contact us for a free security/IT assessment of your needs and present capabilities.
You can also chat with us on our social media pages at:
We look forward to chatting with you and helping you to secure your future.
