After decades of hacking, cyberattacks, malware, ransomware, and other data security threats, we still do not have data protection managed by policy and applicable to all devices—from smartphones to servers.
The Trusted Platform Module (TPM) is an example of the kind of hardware-backed data security building block we would like to see. However, TPM has not experienced the uptake necessary to realize this vision. Nevertheless, the typical enterprise server and PC client refresh cycle is finally likely to encounter the option of a TPM-enabled backplane. In addition, while no mass-market smartphones expose TPM-like capabilities to third-party app developers, improvements in data loss prevention can be realized on these platforms by implementing storage and lifecycle policies in software and complementing those protections with other defense-in-depth measures.
In End-to-End Enforcement of Hardware-Based Data Protection, we describe an enforceable system for better data security, including new technology that binds hardware-protected cryptographic keys to environmental measurements such as time and the behavior of the user.