How secret are IT’s secrets?
It’s a question that has to be asked when one thinks about any security software or hardware developer.
Think of the leading commercial names in security – McAfee, Kaspersky, Symantec, Cisco Systems, IBM, Hewlett-Packard, RSA and BlackBerry come immediately to mind, but the list can go on – and the knowledge of networks and applications their storage systems must hold.
Massive firewalls and encryption aren’t enough for them. Tight physical security has to be galaxy-class as well.
That’s what Symantec, which in addition to being a software vendor also issues digital certificates to verify the legitimacy of secure Web sites, wanted MercuryNews.com to understand when it gave a guided tour to reporter Steve Johnson recently.
(Symantec’s security operations centre)
Mind you, there are slips – RSA got caught last year, as did Dutch certificate authority DigiNotar in 2011. Which points to the need for certificate authorities to steel their own security. Unfortunately, as Johnson learned, there are no standards.
The inevitable conclusion is that certificate issuers have to work overtime to come up with ways to assure Internet users their systems are safe. With increasingly imaginative attackers out there, this is no time for the industry to be modest.