While the computing industry has been working to tighten up the security of its products amid increasing threats from viruses and hackers, a truly trustworthy infrastructure is still a few years off, Hewlett-Packard Co.’s (HP) security head said in an interview this week.
“The old architecture is too open for today’s open world. We need the hardware, operating systems and applications to all be tightened up and work together to give us true trustworthy computing,” said Tony Redmond, vice president and chief technology officer of HP Services and the HP Security Program Office, during an interview in London Monday.
But it will take time, not just due to the amount of cooperation it requires of the vendors, but also because the average three-year corporate buying cycle delays adoption of new products into the market, Redmond said.
There’s at least one security product that HP hopes will immediately grab customers’ attention, however — its much talked about Virus Throttler technology, which is designed to slow the propagation of viruses or worms by limiting the number of network destinations that an infected server can attempt to reach. While it doesn’t completely stop the attack, it gives administrators time to identify and address the problem.
HP said late last year that the technology would be introduced in early 2005, but Redmond zoomed in on a launch date, saying that it would be available around the time of the RSA security conference, taking place in San Francisco Feb. 14 -18.
Because Virus Throttler will be available through a network driver, it serves as a “retrofit” to current technology and can be applied immediately, without waiting for an upgrade, he said. HP is making the technology available for ProLiant servers with Windows Server 2003 and Windows Server 2000, as well as ProCurve switches. Administrators will be able to download the technology and manage it through ProLiant’s Insight Manager.
“We are putting it at the first points of infection,” Redmond said.
Microsoft Corp. has already certified the driver and HP is currently doing testing to make sure the throttler doesn’t slow network traffic, he added. The technology could also be used on PCs, Redmond said, but he indicated that it may be awhile before the company tries to move the technology to the desktop.
Like many other security fixes, a lot seems to depend on Microsoft and what the next version of its operating system, Longhorn, due out in 2006, will support.
“I expect you’ll see an acceleration of security work when Longhorn goes into beta at the end of this year,” Redmond said.
One area HP plans to focus on once Longhorn goes live is further development on its embedded security hardware chip. The chip, which it calls Trusted Platform Module (TPM), is deployed on the motherboard and offers file and folder encryption, access control and other security functions. It’s an option already available on some HP PCs and notebooks but requires the user to do the setup work because it is not supported by the operating system, Redmond said.
That could change with Longhorn.
“Our conversations with Microsoft have led us to believe that Longhorn will be much better able to take on trusted platforms,” Redmond said.
HP is also looking to extend TPM to its Unix servers, but that may have to wait until Microsoft readies the server version of Longhorn, due out in 2007.
Microsoft isn’t the only industry player guiding the future of secure computing, however, as governments around the world, particularly in China and Germany, are also seeking to get their seats at the table, Redmond said. They want to make sure that the technology isn’t controlled by one group or government, not just for security reasons but as in the case of China, for commercial reasons as well.
“The Chinese government is very aware of the strength they have in this market. They have a huge market and want to have a strong voice,” he said.
And while a dramatic leap in computing security provided by more tightly integrated hardware security, a ferociously patrolled perimeter and improved management functions, appear a ways off, Redmond was confident that progress was under way.
In the meantime, HP’s security services business is booming.
“The most consistent thing we are seeing is CIOs looking to increase their spending on security,” Redmond said.