Is Security Key To Linux Small-Biz Success?

Linux security has long been a selling point for enterprise users. Could the right mix of smart marketing and high-profile certifications make Linux just as successful among small and midsized firms?

Jennifer Bosavage, Editor In Chief, Solution Providers for Retail

January 26, 2006

2 Min Read
InformationWeek logo in a gray background | InformationWeek

Security Certified
Another argument against Linux, mainly by competitors, was that Linux could never be security-certified. This aspect has dissuaded enterprises that require those certifications, such as government institutions, from using Linux. Competitors also have argued that open source was too unwieldy and too undisciplined. Therefore, because the process could not be certified, the system could not be certified.

Yet as one of the biggest vendors notes, the criticism is unfounded.

"In fact, we found the opposite was true," says IBM's Frye. "It was easier and cheaper and faster to do the certification because it was open-sourced, and you have access to all the information you need, and because the design of the overall system is so modular." IBM, with SUSE Linux, claims to have achieved the first-ever security certification for Linux back in August of 2003.

The formal level to which Linux is certified today is CAPP/EAL4, and the next level, labeled security protection profile (LSPP) —a form of multilevel security that is fairly leading edge at the enterprise level —will take another year to achieve, according to IBM's Frye. CA (formerly known as Computer Associates) has its view on the security aspect as well.

"We believe that the way the kernel needs to be hardened is through something we contributed to the open-source community and that's a hardening of the hook," says CA's Greenblatt. "So when the system had to do an asynchronous or synchronous call to an event, we'd basically be able to harden it so it would call the event and that it would become trusted also."

But, not everyone is in agreement on the approach, and CA's efforts have not yet been accepted. "We've had it out there two years. So we are at an impasse with the 'kernel people' believing that Linux is secure enough and they don't need our stuff. Basically, at the last summit in Ottawa in April [it was decided] there was no reason to make any significant changes to Linux," adds Greenblatt. As in the past, 2006 is likely to see quite a bit of discussion and debate in and outside of the Linux community when it comes to security. Two things are likely, though: security will remain a priority with community members fixing patches almost as soon as problems are found, and the SMB segment will become, albeit slowly, more "Linuxized."

Read more about:

20062006

About the Author

Jennifer Bosavage

Editor In Chief, Solution Providers for Retail

Writing and editing from the IT metropolis that is Fairfield County, Conn., Jen is Editor In Chief of Solution Providers For Retail. In her role, she oversees all editorial operations of the site, including engaging VARs to share their expertise within the community. She has written for IT professionals for more than 20 years, with expertise in covering issues concerning solution providers, systems integrators, and resellers.

Jen most recently was Senior Editor at CRN. There, she was in charge of the publication's editorial research projects, including: Solution Provider 500, Fast Growth 100, Women of the Channel, and Emerging Vendors, among many others. She launched the online blog, "Channel Voices," and often wrote on career issues facing IT professionals in her blog, "One Year to a Better Career."

Jen began her tech journalism career at Electronic Buyer News, where she covered the purchasing beat. (That was so long ago that blue LEDs were big news.) Starting as copy editor, she worked her way up to Managing Editor before moving to VARBusiness. At VARBusiness, she was Executive Editor, leading a team of writers that won the prestigious Jesse Neal award for editorial excellence.

Jennifer has been married for 22 years and has two wonderful kids (even the teenager). To adults in her hometown, she is best known for her enormous Newfoundland dog; to high schoolers, for her taco nights.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights