A new company policy requires hardware encryption for certain highly confidential systems. These existing systems do not already have a hardware component that can provide this functionality. What is the easiest way to implement this new policy?
For existing systems, the best option for adding hardware-based encryption functionality is a Hardware Security Module (HSM). HSMs are usually stand-alone devices that can be used by other systems, or expansion cards that can be added to an existing system. A Trusted Platform Module (TPM) could provide similar functionality, but TPMs are permanently embedded into a system, so to use a TPM the systems falling under this new policy would need to be replaced with new hardware that has a TPM.
Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard.
TPM is used for digital rights management (DRM), Windows Defender, Windows Domain logon, protection and enforcement of software licenses, and prevention of cheating in online games.
One of Windows 11's system requirements is TPM 2.0. Microsoft has stated that this is to help increase security against firmware and ransomware attacks.