A new company policy requires hardware encryption for certain highly confidential systems. These existing systems do not already have a hardware component that can provide this functionality. What is the easiest way to implement this new policy?
For existing systems the best option to add additional hardware based encryption functionalities is using a Hardware Security Module (HSM). HSM's are usually stand alone devices that can be used by other systems or expansion cards that can be added. Trusted Platform Module could provide similar functionalities but are permanently embedded into a system, so to use a TPM the systems falling under this new policy would need to be replaced with new hardware that has a TPM.