IBM and SuSE Achieve Security Cert for Linux

The next major step for Linux might be to penetrate higher-security computing environments, primarily in government and financial services, thanks to a certification achieved by an open-source configuration from SuSE and IBM (NYSE: IBM), the companies said.

Calling it "the first ever security certification of Linux," Big Blue and German software maker SuSE said the Common Criteria Security certification is the next step in the maturation of Linux and marks the open-source software's readiness for mission-critical applications.

Aberdeen Group research director Bill Claybrook told TechNewsWorld that the certification will clear the way for Linux to push further into government and other environments in which the cost-savings are appealing and maturity continues.

"The government really wants to use Linux over other operating systems because it's inexpensive," Claybrook said. "It is a challenge, but I think [Linux] will move into government."

Open Challenge

IBM and SuSE said their configuration –- SuSE Linux Enterprise Server 8 on the IBM eServer xSeries platform –- secured an Evaluation Assurance Level 2+ certification (EAL2+) and proved that an open-source system could pass the evaluation process.

"The critics said this couldn't be done -– a certification for an open-source configuration," SuSE spokesperson Joe Eckert told TechNewsWorld. "We knew it could."

Calling it a "landmark decision" to submit to the testing, which cost an estimated US$500,000, IBM senior vice president of technology and manufacturing Nicholas Donofrio said in a statement that the certification validates the security of open-source software for governments and other industries.

Government Good

While government IT is dominated by the Unix operating environment and Windows on the desktop, Eckert said the public sector has been a boost for Linux.

"I'd call government sort of the key driver for a lot of Linux adoption," he noted. "Just like corporations, government needs to get more for less, so actually, governments are driving a lot of the adoption."

Eckert referred specifically to German and U.S. government markets. He said that while Unix has been king, Linux has the robustness and now the security to make it appealing "instead of waiting for Microsoft (Nasdaq: MSFT) server applications to catch up."

Replacing Unix, Displacing Windows

Pointing to the use of time-tested Unix in government and other security-sensitive computing applications, Aberdeen's Claybrook said that, while it will take years for Linux to phase into these applications, it will happen.

"Linux will certainly move into government and replace whatever they're using, which is mainly Unix," he said. "They're not going to replace it with Windows –- no way."

While other analysts have talked about the security-oriented apprehension associated with using Linux, Claybrook downplayed any closed-mindedness toward the open-source system.

"I don't get the impression people are any more concerned about security with Linux than they are with anything else," he said.

Eckert noted that the companies secured the Level 2+ certification they were seeking and also have filed for a higher-level security certification, the Controlled Access Protection Profile with EAL3+, which is expected to be bestowed later this year.

Next Level for Linux

SuSE and IBM said the "security milestone" will allow Linux to be used more in global government as well as other security-intensive environments.

"It opens the door in government, financial services and any application where security is important," Eckert said.

He added that the certification and the security reputation it brings with it also will help Linux move deeper into corporate-computing environments, where open-source software already has made significant gains.

"This really paves the way into the datacenter, where security is crucial," he said.