Wednesday, October 16, 2002

Security: Interview with Sun's New Chief Security Officer

The Diffie-Hellman algorithm, introduced by Whitfield Diffie and Martin Hellman in 1976, was the first system to utilize “public-key” or “asymmetric” cryptographic keys. Diffie was recently appointed CSO of Sun Microsystems. This occurred shortly after Microsoft got religion about security and appointed Scott Charney as chief security strategist at Microsoft.

Sun's Security King
Cryptography pioneer Whit Diffie offers illuminating views on his ascension to Sun Microsystems' CSO.
Interviewed by Richard Thieme. CISO, Aug 2002.

... Where are the financial incentives for businesses to invest in security?

It's still difficult to show a quantifiable return on security investment to decision makers, isn't it?

The intrinsic costs - you can now do high-grade cryptography in ordinary chips, for example - have dropped a long way. The extrinsic costs affect things like, why can't you buy a secure phone for less? This is fundamental. If you can integrate things into the product line of a major manufacturer of equipment, you can get the overhead down to where the extrinsic costs will decline and cost-based resistance will decline.

After Microsoft's announcement that security is now a priority, Sun CEO Scott McNealy said that Sun didn't need to send out a letter to make that point. Yet that was followed pretty quickly by your appointment as advocate for Sun's security offerings. Where's the distinction?

There's a rift exemplified by the difference between myself and Scott Charney, chief security strategist at Microsoft. Scott is a policeman. Police think in terms of diagnosing things and retaliating. Security people think in terms of preventing things. Neither viewpoint is comprehensive, and it's foolish to say that either alone can be entirely adequate. My prejudice is in favor of security mechanisms, denial-of-objective mechanisms - as far as possible - using intrusion detection, diagnosis and response mechanisms wherever necessary...
