Computer programs ultimately are executed by physical hardware- and the correct behavior of this hardware is essential to correct behavior of software. This is especially true for security tools — there are decades of hardware side channel attacks designed to subvert software security systems.In the course of developing Portal Masquerade- the secure travel router- we explored a variety of hardware protection techniques for client hardware. At CryptoSeal- and now at CloudFlare- we’ve developed server-side hardware protection. Unfortunately- a lot of documentation- tools- and support has been lacking — in this talk- we show the state of the art in hardware protection- a simple methodology for identifying when hardware protection can be helpful and how to deploy it- as well as identify promising directions for future commercial or community work.