Saturday, May 27, 2006

 

AnalyZing the Analysts: Open Source and Security

I've been thinking: what if industry analysts were to step up their game and actually start providing useful advice to Fortune enterprises in the security space? Would the world become a better place?



It seems as if it is an almost weekly event where some laptop gets stolen that contains personally identifiable information or other sensitive data. Pretty much none of the operating systems that are in use contain the necessary mechanisms to prevent data theft. Maybe this is an opportunity for the open source community to step up? Maybe this is an opportunity for enterprises to not only use open source but start contributing to it...

The only way to meet growing legal and regulatory considerations around theft of data off laptops is by employing the notion of full disk encryption. Imagine if software in this space was not just built into the operating systems such as the upcoming Microsoft Vista platform but we took it one step further. I wonder if the folks over at Redmonk have considered advising Sun to consider putting this functionality into OpenSolaris to get one up on the Linux community?

There is one package that kinda fits in this space, TrueCrypt, but it has several flaws, or lack thereof, depending upon one's perspective. Fundamentally speaking, this project eschews any form of backdoor, which makes it problematic for deployment in enterprise situations. Corporations, in order to stay compliant with legal and regulatory requirements, are absolutely required to have the capability to respond to subpoenas by attorneys general and therefore need key escrow and recovery functionality that is built in and ideally tied into a corporate identity store such as Active Directory.



Since analysts are only capable of recommending products but never solutions, I figured the blogosphere could help. I am thinking about pursuing funding to start a 100% open source full disk encryption project and would love to hear from other enterprises that are game to also contribute time, money or both. I also have on my radar the creation of a 100% open source project to create a desktop firewall that can also be tied into GPO.

Would love to hear the community's thoughts on this idea...





