Welcome
How Prepared Is Your Organization To Protect Against Hardware-Level Security Threats?
Crafting a holistic cybersecurity strategy is challenging for any organization, especially in the age of hybrid work and constant threat evolution. Hardware — the foundational pieces of a PC that lie below the operating system (OS) in combination with the layer provided by the system vendor — and the security tools and processes that protect it must evolve alongside other aspects of a holistic security strategy.
The savviest enterprises understand that an end-to-end approach that includes hardware, network, OS, and endpoint security software is critical to a comprehensive endpoint security solution. However, most enterprises today don’t follow this advice. Too often, they focus on network-, OS-, and policy-level protections while ignoring the role that hardware security plays in establishing a strong foundation for endpoint security.
How prepared is your organization?
The assessment will yield customized results and recommendations based on your responses and should take no more than 2 minutes to complete.
Questions
How much of a priority are the following security initiatives for the next 12 months? (Select one per row.)
Questions
How important are the following components to your endpoint security strategy? (Select one per row.)
Questions
Which of the following levels of device security is your organization most focused on? (Rank in order of priority, with 1 being the highest priority.)
Questions
How important are each of the following to your overall endpoint security capabilities? (Select one per row.)
Results Overview
It’s clear that organizations can’t ignore the benefits of integrating device-level security into a holistic cybersecurity strategy. The question is where organizations should start. Despite the technology’s reputation for complexity and high cost, organizations can still build business cases to integrate client hardware security into their technology stacks.
Where is your firm today, and what can you do to improve? Continue to see your personal results and recommendations.
Recommendations



Your maturity result: Advanced Intermediate Beginner
Beginner
Your score means your organization’s device-level security strategy is only in the beginning phase.
To improve, start by building a strong understanding of the need for and value of device-level security. You can:
- Study the different components of hardware-level security and fully understand how they contribute to an effective endpoint management and security strategy. Specifically, focus on the less common hardware-level protections such as hardware root of trust, preboot authentication, and virtualization-based security. These more advanced features (as opposed to USB disablement) are hallmarks of a robust endpoint security strategy and can serve as a roadmap for potential investment.
- Consult your silicon, operating system, and PC vendors to understand what types of device-level security they provide, how they integrate with other components of the stack, and how they’re enabled within a broader cybersecurity strategy.
- Consult peers in your industry to understand how they’re leveraging hardware-level security today.
- Map out the cons of not investing in hardware-level security. How will it impact the overall security posture? Employees? Customers? Brand? Be as specific as possible and try to quantify any negative impacts a lack of hardware-level security could have on the organization.
- Build a business case for investment in increased hardware-level protection. What benefits with it provide? Again, be specific and tangible, linking it to increased operational efficiencies, decreased breaches, and better end-user experience.
Intermediate
Your score means your organization’s device-level security strategy is in the intermediate phase.
To continue to improve, you must move beyond learning and into initial piloting. In your plans:
- Leverage hardware-level security in new device purchases. For example, if your organization is conducting a device refresh with the latest available operating system, start experimenting with hardware-level security on these devices first. A great first step with these new devices would be to focus on TPM-level protections, as the latest devices and OS upgrades often require TPM 2.0 compatibility.
- Focus on maintaining a more consistent firmware upgrade process for new devices. A frequently updated BIOS, for example, provides a solid start to a comprehensive device-level security strategy without overburdening IT or employees.
- Evaluate the compatibility of devices that aren’t refreshed but need an OS upgrade with some of the newer hardware-level security protections (e.g., TPM). If compatible, make the upgrade and start enforcing device-level protections on those devices as well. If not, wait until the next device refresh.
- Focus on the more basic forms of device-level protections for devices that aren’t due for a hardware or OS upgrade any time soon. These protections include USB disablement, preboot authentication, and firmware upgrades.
- Begin conversations with team members that focus on other aspects of endpoint protection (e.g., OS, network, apps, etc.) to start linking hardware investments to the broader security strategy.
Advanced
Congratulations, your score means that your organization’s device-security strategy is advanced! At this stage, you’re looking to better integrate device-level protections into the broader security stack and optimize the strategy for a better user experience. Be mindful to:
- Evangelize the benefits of hardware-level security to the organization often. With the constant rise of new threats, there will be temptation to focus on the newest types of threats and forget about hardware security — don’t let this happen.
- Take an inventory of the entire endpoint cybersecurity stack to uncover areas of potential simplification. Because of your investment in hardware-level security, you may have multiple technologies providing the same type of protection (e.g., malware protection). Ask yourself if your organization is duplicating investments. Is there a potential to remove some endpoint security technologies above the firmware level that are redundant? What cost savings could you achieve by removing these technologies? Would there be any user experience benefits or security drawbacks?
- Deploy a full stack of hardware-level protections, including the newest and most advanced capabilities, such as virtualization-based security.
- Conduct an assessment of how hardware-protection processes are impacting end-user experience. Specifically, areas like firmware updates can be particularly disruptive to employees. Are employees happy with the current process? How could they improve? Linking hardware-based management capabilities to experience monitoring tools could unlock another level of understanding the impact of device-level security protections on end-user experience.
Next Steps
Read the research
Thank you for taking the time to complete this assessment! Click here to read the full Forrester report commissioned by Intel.
Ready to get started?
Ready to accelerate productivity, maintain greater security, reduce your costs, and provide employees with a great user experience? Connect with a Pro now.
View your detailed results and recommendations
Methodology And Disclaimer
Methodology And Disclaimers
Methodology
Methodology
In this study, Forrester conducted an online survey with 647 respondents at the director level or higher with influence over technology selection strategy, remote work, and device investment decisions at organizations that faced a breach in the past 12 months to explore this topic. Respondents were offered a small incentive as a thank you for time spent on the survey. The study began in February 2022 and was completed in March 2022.
Disclaimers
Although great care has been taken to ensure the accuracy and completeness of this assessment, Intel and Forrester are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein.