Skip to main content

What is TPM, and why does it matter to your business?

What is TPM, and why does it matter to your business?
TPM-enabled devices such as Dell's Latitude 10 Tablet offer rock-solid security for your data

The technology industry isn't short of acronyms, but TPM really matters. TPM's purpose is to protect your business's data. TPM stands for Trusted Platform Module, and it's a little bit of hardware that makes a big difference. It's a small processor whose job is to protect the data on a device.

Data protection particularly important with laptops and tablets, because of course such devices are lost and stolen in huge numbers: BCS, the Chartered Institute for IT, reports that one-quarter of UK businesses have had a laptop lost or stolen in the last year.

Each of those laptops is a data disaster waiting to happen, because laptops are often used to store sensitive or regulated data - HR records, perhaps, or financial data, or your top secret plans for global domination. If that data got into the wrong hands...

Enter TPM. TPM can be used to encrypt data so that even if it falls into the wrong hands, unauthorised users can't access it.

TPM in action

A TPM-protected device such as Dell's Latitude 10 Tablet requires its user to identify themself. Depending on your systems, that identification can be accomplished in several ways: using a PIN code or a password, through biometric data such as fingerprints, via a smart card or a one-time password, or by a combination of those methods. Whatever method you choose is the key to your system, and your data is safely locked away.

TPM's job doesn't stop when the correct user is logged in. It can be used to encrypt the entire hard disk or just parts of it, it can authenticate online activities such as secure email and virtual private networking, and it can also be used to ensure that when a computer reaches the end of its life it doesn't go to the recycler with any confidential data still on it.

TPM, so hard to beat

TPM-based encryption is exceptionally difficult to break. TPM-protected data can't be read without the correct authentication, and because encryption keys are processed independently by the TPM processor it isn't vulnerable to operating system vulnerabilities or software-based hacking attacks.

It isn't vulnerable to physical attack either. TPM-enabled devices can tell if hardware has been added or removed, and they can be configured so they'll refuse to operate if they detect such tampering. You can't beat the encryption by removing the hard disk and putting it in another machine, because TPM-based encryption can only be unlocked from by the specific TPM processor that locked it away in the first place.

And even extreme measures such as transplanting the TPM chip into a different computer won't work, because the TPM processor is tied to the device it was first installed in.

Taken together, those features mean that the TPM offers businesses something very important: the knowledge that even if devices fall into the wrong hands, the data on them won't.