If you are considering becoming a 1M/1M premium member and would like to join our mailing list to receive ongoing information, please sign up here.

Subscribe to our Feed

Trusting Untrusted Computers (Part 3)

Posted on Sunday, Sep 28th 2008

By Taher Elgamal, Guest Author

I continue my discussion of how to trust essentially untrustworthy networks, software, and hardware by addressing what works and what sells in the information security industry. In last week’s post, I outlined strategies we can implement to build customer trust in networked systems. Here I begin to look at the problem from an entrepreneur’s perspective: how does one build and grow a business, and how does that relate to solving real security issues and problems? Obviously, there is no easy way for us to draw general conclusions about such a complicated industry, so I thought the best way to address these questions was to discuss examples of successes and failures in the industry.

There are a few observations that characterize many information security situations:

  • Simplicity or transparency of security technology is essential to success.
  • Business needs often conflict with individual end user needs.
  • There is a distinction between focused solutions that address niche areas and attempted general solutions devised to solve many security problems.

There are other, more specific concerns to be addressed when developing customer solutions, as is evident in how the information security industry is organized. Below I list the areas of the industry according to their value to the customer (business or consumer):

  1. Infrastructure security
  2. End user security
  3. Application security
  4. Data security

It is not that easy to classify every information security solution in the market under one of these categories, and some of the classifications I will make almost arbitrarily, but I have found that some classification is necessary for this discussion.

Let’s consider the most successful space in the information security market, virus protection. It is common knowledge that the number of viruses and other forms of malware is growing faster than ever before. All successful products in this space depend on generating and recognizing signatures for known viruses. Such an approach can protect against the infection and spread of these known viruses, but it of course cannot protect against new and unknown threats.

This segment is part 3 in the series : Trusting Untrusted Computers
1 2 3 4

Hacker News
() Comments

Featured Videos