»  Search

No one wants to have to use two PCs every day, or carry around two notebooks, one for work and one for personal use. So it’s understandable that employees make online bids during work hours or download music to listen to while completing a presentation with the company PC. But if they do, they may expose the organisation to online threats without even realising it.

Online risks are real and growing. In fact, many companies are setting restrictions on Internet usage to reduce this area of risk. IT departments are blocking access to online communities to avoid exposure to intrusive malware mini-applications. They’re sending personal e-mail attachments to junk mail and warning against downloading music, to protect the company network from viruses.

Nevertheless, employees browse social networks for potential sales leads, listen to their mp3 music collection while travelling to a client site, or handle personal finances during business hours – all on the company-issued and owned PC.

“In time, such a blurring of business and personal activities will be harder to restrict. Something has to be done from the technical side to make it safe to do both on your work PC,” says Richard Brown, Senior Project Manager at HP Labs Bristol.

Brown and his project team reason that as more and more services go online, and more and more business happens around the clock around the globe, employees are more likely to conduct personal online activities while at work. Organisations will never be able to address the risk by restricting all online activities.

But soon there may be an alternative for organisations that need to maintain a high level of security. Rather than restrict online usage or require separate devices to maintain separation of business and pleasure, Brown’s team is researching a security approach based on trust. Their vision is a single PC that functions like two or more separate machines. It’s called a Trusted Converged Client (TCC).

Although still at the exploratory stage, this PC uses virtualisation technology to create totally isolated compartments within the one device. Activity in the “personal” compartment never affects company activity or data which is contained in another compartment. “It might sound impossible but that’s what virtualisation allows,” says Brown.

For example, an employee who has a compartment for personal use and another for business use can download a small application from his bank, which will run in yet another isolated compartment. He can then conduct online transactions without exposing his organisation to any risk. And, as a bonus, the employee keeps his personal finance details safe from potential malware in his general purpose personal compartment.

An added level of security is achieved through a special chip, the Trusted Platform Module (TPM), designed to report correct software configuration. Until the TPM reports that a given software compartment isn’t compromised, confidential data remains encrypted and secure, helping protect against phishing attacks and other malware. The chip is based on security standards developed by the Trusted Computing Group industry consortium. HP Labs has been leading the integration of that technology into virtualisation software in a collaborative European Commission funded project called Open Trusted Computing.

Brown’s research stems from the basic truth that people will tend to take risks. “We want to give employees a legitimate, secure way to access all the things they want but that corporations have to restrict. Then there will no longer be a need for employees to take risks. That’s good for the company,” explains Brown.

Whilst currently only a prototype, Brown and his team hope someday to see the Trusted Converged Client offered with other innovative HP Security Solutions. It may be just the solution so many organisations need to mitigate risk without restricting work tools.