The TCG effort builds upon the early government work, adding features needed for commercial systems. This has resulted in an open specification that is already appearing in hardware from IBM and other vendors.
The key TCG hardware component is the Trusted Platform Module (TPM), which holds a unique public/private key pair signed by the manufacturer and an AES (Advanced Encryption Standard). It can create more keys that can be used to prove that any data coming from a Trusted Computer really came from it, and who can view it, even if the data is anonymous--all without revealing which Trusted Computer the data came from. This "attestation" feature is the one everyone is looking for in cooperative computing environments.
Microsoft's NGSCB is an example of the mixed mode of Trusted Computing operation, where some parts of the OS and some applications are Trusted and others are not. You can run the things you really care about in the Trusted environment. But there are too many new hardware and software requirements to expect a totally Trusted environment to be widely deployed as user platforms. Microsoft did not design NGSCB for the current TPM specification, but it's working so that the next version will meet TPM requirements, thus resulting in further delays for Trusted Computing.
TCG is not the only Trusted Computing effort. Although Microsoft's Xbox is not a Trusted Computing platform in the technical sense of the TCG--there is no TPM and no way for one Xbox to make a security claim to another--the Xbox does provide for a Trusted operating and application environment. All applications must be signed with certificates from Microsoft's special Xbox PKI, or they won't run.
Whatever the initiative, Trusted Computing won't solve the problem of mistrust in the Internet. Malicious code will still run in the untrusted parts of systems. There are just too many computers without TPMs, providing fertile fields for malicious code attacks. Even Trusted applications are not safe from attacks against bad coding like buffer overruns. If there were a fully Trusted OS from Microsoft with a buffer overrun that allowed DEL c:\
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
