Tech Giants Team on Secure-Computing Standards
If companies can agree on similar APIs and are able to integrate various security measures and methods, security across the industry will become stronger.
Technology giants Hewlett-Packard, IBM and Sun Microsystems have announced collaboration with smaller security providers on an open-standards initiative to achieve more secure computing for their customers.
The initiative - which will include security companies Tripwire, RSA Security and InstallShield - is aimed at breaking down the security roadblocks presented by proprietary standards, which prevent integration of different security measures and products.
"A lot of the reason why we have some of these security problems is the proprietary standards," Forrester director of research Michael Rasmussen told TechNewsWorld.
Rasmussen said the secretive nature of the computer security industry often results in standards that are difficult to integrate.
"The whole concept of security, by the black-box approach where people can't get under the hood, leads to insecurity in a lot of ways," he said.
He added that if companies can agree on similar application program interfaces (APIs), for example, and are able to integrate various security measures and methods, security across the industry will become stronger.
"Having some type of standard everybody agrees on can help," he noted.
Safety in Standards
Aberdeen Group research director Eric Hemmendinger told TechNewsWorld that standards are extremely important for security, particularly from an interoperability standpoint.
In contrast to proprietary systems, he said. "you can point to a pretty good assortment of standards that make life easier."
Hemmendinger said standards such as secure sockets layer (SSL), X.509 - widely used in defining digital certificates - and IPsec, which is used to secure virtual private networks (VPNs), are among those that have bolstered network security regardless of vendor.
Open Security Debate
Hemmendinger, who said standards play a greater role in security than most people realize, alluded to an ongoing debate over the use of open standards.
While there are strong arguments both for and against open-source security, determining the right approach will depend on each situation as well as the prospect of making money selling open-source products, according to Hemmendinger.
He said the standards process inherently involves a significant degree of openness and time. He likened the process to the creation of legislation.
"You often get something less than you would hope for, but something the important players can live with," Hemmendinger said.
While the major players in the initiative - HP, IBM and Sun - are competitors in hardware, software and services, the companies have a vested interest in securing all of the computer systems their customers use, according to Sun's security product line manager, Mark Thacker.
"There are also joint customers," Thacker told TechNewsWorld, suggesting that the open standards initiative, an industry first, is a natural extension of Sun's relationship with other companies such as Tripwire.
Tripwire offers security products that are featured in Sun products. Thacker said the other vendors involved in the initiative have similar relationships with Tripwire and the other security providers.
Collaborate to Compete
Forrester's Rasmussen said the smaller security players involved in the initiative - which will be discussed further in a conference call to be held next week - indicates that the companies are trying to compete more effectively against other, larger security organizations, such as Computer Associates, Symantec and Network Associates.
"All of a sudden, the more independent players are realizing they have to integrate to compete better," Rasmussen said.