Industry Heavyweights Tackling Online Security Issues

Separate industry-wide initiatives led by Sun Microsystems and industry powerhouses Compaq Computer Corp. (Nasdaq: CPQ), Hewlett Packard (NYSE: HWP), IBM (NYSE: IBM), Intel (Nasdaq: INTC), and Microsoft (Nasdaq: MSFT) are seeking to secure online business by collectively creating an industry standard for securing personal computing environments.

Sun Microsystems, Inc. (Nasdaq:SUNW) launched its SunTone program today, featuring new technology aimed at defining and delivering service level guarantees for network-based services such as e-mail, e-commerce and enterprise applications. A consortium of more than 50 Industry Service Providers (ISPs) Network Equipment Providers (NEPs) and Independent Software Vendors (ISVs) are participating in the initiative.

Meanwhile, the newly formed Trusted Computing Platform Alliance (TCPA) has already moved to issue a specification proposal — set to be delivered by the second half of 2000 — aimed at developing hardware and software security standards. The resulting standard will be openly licensed to members of the industry in order to promote large-scale adoption.

Following The Sun

The Sun Microsystems SunTone Service Delivery Architecture Specification 1.0 requires ISPs to meet minimum standards in hardware and software infrastructure.

Through a licensing agreement with Sun Microsystems, ISPs that meet or exceed these standards and meet all other program requirements are eligible to claim SunTone certification and use a logo indicating compliance with the SunTone standards.

Operational processes are also addressed with the goal of delivering superior, predictable levels of service, and significantly, maximum operation during peak periods of increased demand. The initiative is ambitious enough to require speed and efficiency, as well as security and privacy.

Predictably, industry leaders are jumping on the bandwagon, as the SunTone Architectural Council includes names like Excite@Home/@Work Division, Xerox, Lucent Technologies, Oracle, GTE Internetworking and Nortel Networks, among others.

Securing the E-Commerce Explosion

“Security solutions, which must be designed from top to bottom, not incrementally, will become more critical to e-business as security concerns increase,” commented David Farber, a University of Pennsylvania professor. “With the formation of the Trusted Computing Platform Alliance and by making it open to broad industry participation, I believe that the TCPA will benefit the whole information technology industry by enabling a more secure solution to doing business on the Internet.”

Complementing current technologies such as biometrics, smart cards and SSL (secure socket layer), TCPA will work on a standard to enhance security at the BIOS, OS (operating system) and platform hardware levels. The alliance-developed specification will also address digital signatures, encryption key generation and secure information storage.

“The widespread adoption of Internet-based electronic commerce will depend on significant improvements in the security capabilities of current PCs,” stated Brian Gladman, an independent security consultant. “I am delighted to find that the Trusted Computing Platform Alliance is investing is such developments by fostering international, industry-wide cooperation on the requirements and technologies needed for a truly secure computing platform.”

Lingering Security Concerns

Despite an intensifying industry focus, online security has remained a concern for consumers, as expressed in recent studies by both Jupiter Communications and Rockbridge Associates. According to many experts, the job of securing e-commerce sites is still a work in progress.

A study published this past summer indicated that e-commerce operations are 57 percent more likely to experience a security breach than other online sites, and 24 percent more likely to be the target of a hacker/cracker attack. E-commerce companies involved in the study have been affected by all examined breach categories.

“The 1999 Information Security Industry Survey” — published by ICSA, Inc., through its Information Security Magazine — collects data from a survey that took place earlier this year, polling 745 administrators, managers and executives working in the data management, IT, networking and security fields.

According to the survey, the number of companies that have been hit by a hacker/cracker attack increased 92 percent from 1997 to 1998. With regard to financial losses that have resulted from all security breaches, the average amount was $256,000 (US$), with 91 respondents, however, indicating a total of $23.3 million.

An Open Invitation

TCPA has invited members of the industry to join the alliance, helping to define the areas of the specification. Veridicom, Inc., a provider of personal authentication solutions, has answered the call, offering to help establish standards for technology that will eliminate passwords by allowing PC users to utilize fingerprints and other biometrics technologies for security purposes.