By Don Dugdale
Proprietary solutions to the computer security problem won't work and jeopardize the growth of the market for security solutions, UniForum '97 attendees were told by a representative of The Open Group in a plenary session. Allen Brown, vice president and chief operating officer, said agreed-on standards and specifications are needed for products to deliver the comprehensive security solution for heterogeneous systems that users are looking for.
"In the world as we've got it now, we're not going to have single-vendor solutions to security," Brown said. "It's not going to work across the Internet. I can't imagine that in a legacy environment, where people want to move to a single sign-on, they are going to be able to do that with a single-supplier solution."
The main thrust of The Open Group's plenary session was that since the Internet has made interorganizational IT a business necessity, no company can think of security as totally within its own confines anymore; therefore, it's time to get serious about setting widely accepted open standards for a security solution that will work for everybody.
It used to be that computer systems were secure just because they were hard to operate, said Mike Lambert, vice president and chief technical officer of The Open Group. "You needed a brain the size of a planet," he said. "They were perfectly secure because nobody had the slightest clue how they worked." With the coming of inter-enterprise distributed computing and the Internet, "All the rules changed," he said. "Now all companies have to be able to communicate with customers and suppliers. This is no longer a value-add, this is the cost of being in business."
In the new environment, "No company is in control of its IT systems," Lambert said. "No company can pretend any more that it's in control of its security, and there's a real market [for a solution]. After talking about IT security for two decades, we've got to the point where the majority of user organizations have recognized that it is important and something that they can no longer ignore."
The Open Group is working on just such a set of standards and specifications, one that will unify user requirements and head off a potentially wasteful proprietary struggle between competing standards, Brown said. "Getting serious about security does mean that, in the future, we will have to have organizations coming together and working together to agree upon how they're going to produce technology and specifications and products that deliver that heterogeneous security solution," he said.
The Open Group has a program in place now, Lambert noted, that is supported by public information on its Web site (http://www.opengroup.org), linking the user to other public information about activities in the area of security standards. A public key infrastructure is one of the items being worked on with several organizations. "We spend most of our time talking to other people in this area," he said. "We are trying to pull this stuff together. A lot of our activity is spent in negotiations as a go-between for various groups of customers, many consortia, the European Security Forum and the vendor community."
How fast organizations are able to expand into the commercial Internet depends on how soon workable security standards are put into place that generate the necessary trust level, Brown said. It's now fairly easy for retailers not in the food or banking business to get into Internet commerce, since they face less risk to their reputations if something should go wrong via the Internet, he pointed out. But the difficulty for banks is especially high because not only is their reputation at stake, but the entry barriers are especially high.
"The buyer definitely needs to take security seriously, and suppliers stand to benefit from an open systems approach," Brown said. "It isn't until you actually standardize on something that the market can really grow. The buyers in The Open Group have a combined procurement power of about $36 billion a year and they work together to emphasize their need for standards."