TPM, or Trusted Platform Module, is a method of cyber security rising in prominence due to the unveiling of Windows 11 earlier this year, which requires your device to have a TPM chip.
Institutions, businesses and individuals can be slow to take on the latest operating systems, like Windows 11, but eventually you have to make the switch, and then you’ll be using TPM too.
What is TPM and how does it work?
Let’s do the tech speak version first, and make sense of it after. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations.
These operations create an algorithm containing random characters in a particular order, which serves as a digital signature and functions as the key to your device, or the data inside.
Simply put, a TPM chip sits inside your device and, just like a physical key, it locks (encrypts) data so that only someone with the right key can unlock (decrypt) it.
When we talk about cyber security, a lot of the time we’re talking about software, which by its nature has to be more malleable: it can and will be changed.
For software to be improved, you download more and more updates, as discovered weaknesses are exploited and improvements are created.
Software works effectively when it is supported and updated. We have a whole blog about the importance of staying up to date with your patches.
But not all security is software; some of it, like a TPM chip, is hardware. It is physical, which makes it immune to the hacking that software can be susceptible to.
As a piece of hardware, the only way it can be tampered with is if someone literally goes into your office, opens up your device by hand, and messes with the TPM chip. (But even then, the chip includes multiple physical security mechanisms to make it tamper-resistant.)
That’s where things like physical locks and keys come into play. But protecting physical property is something we’re taught and experienced in; cyber security, not so much.
The main features of TPM are:
- Generate, store, and limit the use of cryptographic keys.
- Use TPM technology for platform device authentication by using the TPM’s unique RSA key (RSA is an algorithm used by modern computers to encrypt and decrypt messages).
- Help ensure platform integrity by taking and storing security measurements.
If you want to know more about the technicalities of TPM, Microsoft’s got you covered: Trusted Platform Module Technology Overview.
How will TPM help your business?
There’s a whole litany of cyber security options available to businesses; we recommend and supply an effective and economical variety.
But TPM has an appealing advantage, especially for those who aren’t too bothered about the latest software that can do this, that and the other.
The encryption keys that protect your device and data are processed independently by the TPM processor. This isolates those encryption keys from the rest of your device.
This means the TPM isn’t vulnerable to operating system vulnerabilities or software-based hacking attacks. Whether it’s phishing or malware, they cannot breach this bit of hardware, which means your data stays safe.
A TPM-protected device will always require its users to identify themselves before they log in. What identification it requires is very much up to you; there are multiple options:
- PIN codes.
- Fingerprint scans.
- Face scans.
- One time use passwords.
You have the flexibility to choose what’s best for you, your business and your employees.
We’d recommend, whichever you choose, requiring multiple levels of authentication. Don’t settle for just one barrier between your data and an intruder. We’ve got a blog about the benefits of Multi-Factor Authentication.
TPM benefits extend beyond protecting the login process. It can also be used to encrypt specific parts of your hard drives, and even online usage as well.
This allows you to tailor the security standards of each device, depending on the needs and roles of your employees.
Data protection
Portable devices like laptops and tablets are more likely to be misplaced and stolen. Each of those devices is a data breach disaster just waiting to happen. They can be filled with all sorts of sensitive data that should not be exposed.
Like we’ve said before, having a TPM encrypts the login process, and it can encrypt the data within the device as well. Any unauthorised user cannot access the data inside. Even if the device is lost or stolen, your data is protected with TPM.
Does your device already have TPM?
If the benefits of TPM sound interesting, or you’re looking forward to using Windows 11, then why not check if your computer has TPM already? It’s easy enough to do.
- Go to the Start menu and search for Windows Security.
- Click on Device Security.
- This new window will show if your device has a TPM installed. It should say Security processor, with a green checkmark beside the icon. If that Security processor icon isn’t there, then you do not have a TPM installed.
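The same check can be scripted, which helps when you have more than a handful of devices to look at. The following is an added example, not part of the original post: the function name `Get-TpmReadiness` and the status labels are made up for illustration, while `Get-Tpm` and the `Win32_Tpm` class are built into Windows. It must be run from an elevated PowerShell session on the device being checked.

```powershell
# Added example: report whether Windows can see a TPM, its spec version,
# and whether it is ready for use. Function name and status labels are illustrative.
function Get-TpmReadiness {
    [CmdletBinding()]
    param()

    # TPM queries fail without administrator rights, so check up front.
    $principal = [Security.Principal.WindowsPrincipal]::new(
        [Security.Principal.WindowsIdentity]::GetCurrent())
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Built-in cmdlet from the TrustedPlatformModule module.
    $tpm = Get-Tpm

    # Win32_Tpm carries the spec version. The query returns nothing when no TPM
    # is visible to Windows (chip absent, or switched off in firmware settings).
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    $specVersion = $null
    if ($wmi -and $wmi.SpecVersion) {
        # SpecVersion is comma-separated; the first field is the TPM family, e.g. "2.0".
        $specVersion = ($wmi.SpecVersion -split ',')[0].Trim()
    }

    # Windows 11's published minimum is TPM version 2.0.
    if (-not $tpm.TpmPresent) {
        $status = 'NoTpmVisible'
    } elseif (-not $specVersion) {
        $status = 'SpecVersionUnknown'
    } elseif ($specVersion -ne '2.0') {
        $status = 'TpmOlderThan2.0'
    } elseif (-not $tpm.TpmReady) {
        $status = 'Tpm2.0NotReady'
    } else {
        $status = 'Tpm2.0Ready'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        TpmPresent   = $tpm.TpmPresent
        TpmReady     = $tpm.TpmReady
        SpecVersion  = $specVersion
        Status       = $status
    }
}

Get-TpmReadiness | Format-List
```

A `NoTpmVisible` result does not always mean the hardware lacks a TPM; on many machines the chip is present but turned off in the firmware (BIOS/UEFI) settings.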
What to do without TPM
If you’re eager to use Windows 11, and find that your current device is lacking TPM, that might mean having to buy a compatible Windows 11 PC.
If you need to replace your computer with one that has a TPM, why not speak to us to make sure you get the right equipment? We specialise in sourcing hardware from multiple vendors.