Published by ZDNet Australia, October 30 2003

Despite the availability of sophisticated hardware security solutions, it seems many businesses aren't interested in doing much more than encrypting data.

According to a survey of customers by IBM, the most common use for its embedded security system -- essentially a 'security chip' built onto its PCs and notebooks which allows certificates and other security-enabling technologies to be stored independently of a PC's memory and hard drives -- is simply to encrypt files, making them less susceptible to attack if a machine falls into unfriendly hands.

Clain Anderson, program director for client security at IBM, admitted the company was a little surprised by the outcome. It had anticipated that more companies would use another potential enhancement enabled by the chip, which allows companies to discard secure hardware tokens in favour of a system which displayed the required token data on screen.

Such uses may increase on the future as people become aware of the potential of combining hardware security with software solutions. "A lot of people are turning on the security chip just for the password management features," he said.

Security chips are predicted to become a common feature on PCs in the future, following the emergence of standards backed by the Trusted Computing Group. IBM and HP already offer such chips on some models, and Toshiba is expected to do so in the near future, as is growing Chinese computer manufacturer Legend.

To encourage the development of applications which utilise such security hardware systems, IBM later this week is due to release a software development kit (SDK) to a group of around 30 ISVs. The SDK will eventually be made available online, Anderson said.

Angus Kidman travelled to IBM's design centre as a guest of IBM.