Compaq, HP, IBM, Intel and Microsoft Create New PC Security Alliance

Hewlett Packard, IBM, Intel and Microsoft announced the launch of a new alliance, the Trusted Computing Platform Alliance. The Alliance has chartered itself with the mission of developing a new hardware and software specification to enable technology companies to use a more trusted and secure personal computer platform based on common standards. Alliance Chairman, David Chan of Hewlett-Packard says, "This workgroup was formed to define the necessary set of capabilities for a security subsystem that would allow a system integrator and solution provider to establish trust on a hardware platform." The Alliance also stated that "personal computers lack a standard set of system hardware-based functions needed to establish trust on the platform."

The cited mission is somewhat nebulous. Are they trying to help Microsoft learn how to secure their widely publicized operating system security holes? Are they trying to develop or certify a PKI (Public Key Infrastructure) solution? Or are they trying to develop desktop and server security standards for systems integrators and solution providers? Whatever their mission is, they plan on creating a proposal for a security specification of sorts by the second half of 2000. Their plan is to make the specification available through licensing subject to proper verification and implementation.

Market Impact

In a world of co-existing truths, it is likely that there are multiple purposes behind this alliance. Microsoft needs to gain consumer confidence in the security of its operating systems, and having two high profile Unix vendors, HP and IBM, on its side is certainly a good starting point. Compaq, HP, and IBM all want to sell servers, and without the confidence of a secure operating system, many organizations today who want a turnkey commercial off-the-shelf server solution are turning to vendors like Sun Microsystems and Novell. E-commerce is the prevailing internet market driver, and without security, financial transactions are a risk and a liability that smart businesses and organizations are not willing to take.

Though the Alliance may be hedging towards putting more security in the BIOS, there are no easy and quick short-cuts to securing information technology infrastructure. Most security experts agree that using a layered security model is the best approach. A layered model secures an organization's network, operating systems, and applications. According to Marcus Ranum, CEO of Network Flight Recorder, and the person most often credited for developing the first firewall, "What it seems they're saying is that they're going to develop hardware specs and BIOS extensions that will enable certain security services to the operating system. That's nice but if the operating system isn't good, security-wise, it won't matter what the hardware provides."

If nothing else, the formation of this alliance is sure to heighten security awareness in the information technology sector as a whole. Elias Levy, Chief Technical Officer of Security Focus and moderator of the well-known Bugtraq security mailing list says, "The alliance is a good idea and has potential. There is a great need to build security features into the basic structure of the computer and the operating system. Only when these features become universal will application writers start making use of them benefiting the end user. Although it is still too early to tell what the exact deliverables are that the alliance hopes to produce, it is encouraging to see these important companies at least attempting to solve some these security issues."



SOURCE:http://www.technologyevaluation.com/research/articles/compaq-hp-ibm-intel-and-microsoft-create-new-pc-security-alliance-15289/