SAKA assumes the site is operating the appliance in a physically secure environment where only authorized personnel have access to the server.
Since the most critical elements of the SAKA server are in the Trusted Platform Module (TPM) or Hardware Security Module (HSM), SAKA takes advantage of security features enabled in these devices. The TPM cannot be removed from the machine without destroying its contents; the only way to steal a usable TPM is to steal the entire machine itself. However, launching a dictionary attack to defeat the TPM's protection engages firmware that slows down response time with each unsuccessful attempt. Thus dictionary attacks that depend of trying a significant number of passwords/ PINs against the system, will be thwarted by the slow response of the hardware device.
On appliances using the HSM, if the HSM is stolen from the appliance, it activates firmware that zeroes out the contents of the HSM if it is tampered with. This has the advantage that even if an attacker gets their hands on the HSM, they will not be able to acquire the cryptographic keys that protect sensitive data on the machine.
To recover from such an attack or a disaster to the SAKA, sites must plan for business-continuity by having a secondary appliance in a remote location where keys and data can be recovered for normal operations.