Competition Heats Up To Offer Secure, Manageable, Affordable Linux Operating Systems - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Competition Heats Up To Offer Secure, Manageable, Affordable Linux Operating Systems

Analysts caution against blindly believing that security designations will translate into a certain level of security in any given IT environment.

The race is on to deliver a version of the Linux open-source operating system that will be more secure than any of its predecessors but also manageable and affordable enough to garner widespread acceptance. Linux developer MandrakeSoft SA and a consortium of European software makers have tossed their hat into the ring, as has Trusted Computer Solutions Inc., a maker of software used by government agencies and businesses to securely transfer sensitive data.

Funded by the French Ministry of Defense via a three-year, $8.6 million (7 million euro) contract, MandrakeSoft, along with system and software developers Bertin Technologies Group, Jaluna, and Surlog, plan to develop a Linux-based operating system that meets Evaluation Assurance Level 5 of the Common Criteria, known by the designation CC-EAL5. Oppida, a service provider accredited by the French National Security Agency, will evaluate the new operating system against the international Common Criteria standard for IT security, also known as International Standards Organization 15408.

Trusted Computer Solutions' time frame is a bit tighter, as the company plans to release a beta version of its Trusted Linux operating system by the end of this year. The company plans to offer a generally available version early next year.

Trusted Computer Solutions began developing a more secure version of Linux to run underneath its SecureOffice data-sharing applications. The company expects TCS Trusted Linux will be certified at CC-EAL4.

TCS Trusted Linux, based on the National Security Agency's Security-Enhanced Linux specification, will be certified under the Labeled Security Protection Profile, Controlled Access Protection Profile, and Role-Based Access Control Protection Profile at EAL4.

Analysts caution against blindly believing that security designations will translate into a certain level of security in any given IT environment. EAL indicates the rigor of the evaluation process rather than the actual security capabilities of the system evaluated, Gartner research director Ant Allan wrote in a July research paper about Linux security. What's more important is for users to know which areas of the operating system were evaluated for certification.

"CC certification cannot guarantee that any Linux distro will be free of flaws," Allan wrote. "Bugs and patches are inevitable." Allan also noted that earlier this year, SuSE Linux Enterprise Server 8 with Service Pack 3 was awarded EAL-3+ certification under the Controlled Access Protection Profile.

Much of the highly sensitive data shared today by government agencies is still paper-based, says Ed Hammersla, Total Computer Solutions' chief operating officer. Before the company's SecureOffice apps can address that situation, they need a highly secure operating system that's easy and cost-effective to administer. "We couldn't find an operating system other than Trusted Solaris that met the security requirements for our applications," Hammersla says.

Operating systems that have achieved the "trusted" designation in the past, however, have cost several times more than their less-secure counterparts and been difficult to manage, Hammersla says. Trusted Computer Solutions wants its operating system to appeal to commercial businesses as well as government agencies, which is why TCS Trusted Linux is being developed on top of Red Hat Inc.'s Fedora Project, according to recognized standards such as Common Criteria.

Trusted Linux will eventually become the mainstream for the operating system, says Tony Stanco, associate director of George Washington University's Cyber Security Policy and Research Institute. "Security is on everyone's radar screen."

As more and more information is networked, the cost and difficulty of deploying a trusted operating system become less problematic than the threat of a security breach, Stanco says. This push toward Trusted Linux will provide the added benefit of driving down the cost to deploy highly secure systems. Says Stanco, "The economics of software are that it will eventually cost the same to implement a secure system as it will to implement a nonsecure one."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
10 RPA Vendors to Watch
Jessica Davis, Senior Editor, Enterprise Apps,  8/20/2019
Commentary
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
Slideshows
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll