Is Security Key To Linux Small-Biz Success?

Linux security has long been a selling point for enterprise users. Could the right mix of smart marketing and high-profile certifications make Linux just as successful among small and midsized firms?

Jennifer Bosavage, Editor In Chief, Solution Providers for Retail

January 26, 2006

2 Min Read

Security Certified
Another argument against Linux, mainly by competitors, was that Linux could never be security-certified. This aspect has dissuaded enterprises that require those certifications, such as government institutions, from using Linux. Competitors also have argued that open source was too unwieldy and too undisciplined. Therefore, because the process could not be certified, the system could not be certified.

Yet as one of the biggest vendors notes, the criticism is unfounded.

"In fact, we found the opposite was true," says IBM's Frye. "It was easier and cheaper and faster to do the certification because it was open-sourced, and you have access to all the information you need, and because the design of the overall system is so modular." IBM, with SUSE Linux, claims to have achieved the first-ever security certification for Linux back in August of 2003.

The formal level to which Linux is certified today is CAPP/EAL4, and the next level, labeled security protection profile (LSPP) —a form of multilevel security that is fairly leading edge at the enterprise level —will take another year to achieve, according to IBM's Frye. CA (formerly known as Computer Associates) has its view on the security aspect as well.

"We believe that the way the kernel needs to be hardened is through something we contributed to the open-source community and that's a hardening of the hook," says CA's Greenblatt. "So when the system had to do an asynchronous or synchronous call to an event, we'd basically be able to harden it so it would call the event and that it would become trusted also."

But, not everyone is in agreement on the approach, and CA's efforts have not yet been accepted. "We've had it out there two years. So we are at an impasse with the 'kernel people' believing that Linux is secure enough and they don't need our stuff. Basically, at the last summit in Ottawa in April [it was decided] there was no reason to make any significant changes to Linux," adds Greenblatt. As in the past, 2006 is likely to see quite a bit of discussion and debate in and outside of the Linux community when it comes to security. Two things are likely, though: security will remain a priority with community members fixing patches almost as soon as problems are found, and the SMB segment will become, albeit slowly, more "Linuxized."

Read more about:

20062006

About the Author(s)

Jennifer Bosavage

Jennifer Bosavage

Editor In Chief, Solution Providers for Retail

Writing and editing from the IT metropolis that is Fairfield County, Conn., Jen is Editor In Chief of Solution Providers For Retail. In her role, she oversees all editorial operations of the site, including engaging VARs to share their expertise within the community. She has written for IT professionals for more than 20 years, with expertise in covering issues concerning solution providers, systems integrators, and resellers.

Jen most recently was Senior Editor at CRN. There, she was in charge of the publication's editorial research projects, including: Solution Provider 500, Fast Growth 100, Women of the Channel, and Emerging Vendors, among many others. She launched the online blog, "Channel Voices," and often wrote on career issues facing IT professionals in her blog, "One Year to a Better Career."

Jen began her tech journalism career at Electronic Buyer News, where she covered the purchasing beat. (That was so long ago that blue LEDs were big news.) Starting as copy editor, she worked her way up to Managing Editor before moving to VARBusiness. At VARBusiness, she was Executive Editor, leading a team of writers that won the prestigious Jesse Neal award for editorial excellence.

Jennifer has been married for 22 years and has two wonderful kids (even the teenager). To adults in her hometown, she is best known for her enormous Newfoundland dog; to high schoolers, for her taco nights.

See more from Jennifer Bosavage
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

thumbnail
Cyber Resilience
‘They’re Coming After Us’: RSA Panel Explores CISO Legal Pressure‘They’re Coming After Us’: RSA Panel Explores CISO Legal Pressure
byShane Snider
May 6, 2024
3 Min Read
Ambassador-at-Large Nathaniel Fick at the RSA Conference 2024 in San Francisco.
Cyber Resilience
Questions for the Bureau for Cyberspace and Digital PolicyQuestions for the Bureau for Cyberspace and Digital Policy
byJoao-Pierre S. Ruth
May 16, 2024
5 Min Read
Business person draws a creative business project
IT Leadership
Why CIOs Are Under Pressure to InnovateWhy CIOs Are Under Pressure to Innovate
byLisa Morgan
May 15, 2024
8 Min Read
DNA (deoxyribonucleic acid) strand, illustration.
Data Management
DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?DNA is an Ancient Form of Data Storage. Is it Also a Radical New Alternative?
byRichard Pallardy
May 7, 2024
15 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now