Security: Best practice or ancient ritual?
Time to scrap ISO 27002 security standard says its author
By David Lacey | Computerworld UK | Published 16:06, 12 January 11
You need big dreams and deep pockets to introduce a revolution in security technology. Trusted computing is a classic case: an innovation driven by visionary developers and serious investors, such as Steven Sprague, CEO of Wave Systems. Sprague is a man with a ten year vision and a family history of invention, who has invested his career and money in trusted computing. His company, Wave Systems, built the EMBASSY chip, the precursor to the trusted platform module, as well as the management software.
Sprague’s passion for innovation is not surprising, given his family pedigree. The Sprague family are famous for inventions and technology. His great grandfather, Frank Sprague, was the “father of electric traction”. He invented the elevator and developed the technology that made the London Underground feasible. The family went on to become entrepreneurs and manufacturers of electronic components.
Steven’s father, Peter Sprague, chaired National Semiconductor for thirty years, building it from a small semiconductor manufacturer into a global, billion dollar industry. “When I started we made 3,000,000 transistors for $1. When I left we put 3,000,000 transistors on a $1 chip and our sales were over $2 Billion.” He also introduced chips into cars, when he briefly owned Aston Martin in the 1970s.
Steven’s contribution to the family tradition is the blueprint for a ‘layered’ security infrastructure across extended enterprises. Refreshingly, his vision is a ten year one, not constrained by tactical performance targets. Wave’s most visible contribution so far has been the realisation of the self-encrypting drive. Wave’s engineers collaborated with Seagate Technologies in the development of this revolutionary product, and produce the underpinning management software.
But the most fascinating developments are yet to come. Now that we have a large population of trusted platform modules out in the field, we can develop universal security solutions across any community. Just imagine, for example, if we enabled strong authentication and encryption for networks such as Facebook. That would certainly revolutionise our perspective of security.
The secret of success
What’s the secret to being a successful entrepreneur and manufacturer? Steven Sprague’s family have been doing it for more than a century. I put this to Steven while he was in London for a Trusted Computing conference. His advice is simple but powerful. “Firstly, don’t aim to pull the wool over people’s eyes. Do the job properly. It slows down development but pays dividends in the long term. Secondly, take a good, hard look at the future: paint a clear vision of where you want to be, and stick to your goals. And thirdly, when you get up in the morning, aim to keep moving the ball in the right direction”.
One thing is certain: We need much greater vision and investment in new security technologies. Today’s security marketplace is characterised by just-good-enough products, designed to maximise short-term sales and profit margins. Tomorrow’s security threats demand rigour, openness and longevity. Trusted computing is one of the few bright prospects on the horizon that enables such innovation.
David Lacey is a Director of Research for ISSA-UK, and security thought leader. His new book, Managing Security in Outsourced and Offshored Environments: How to safeguard intellectual assets in a virtual business world, is out now and available here
