AlwaysOn: Securing the Internet

George Gilder revisited his trope about all optical networks, with software hardening at the center and trusted platform hardware softening at the edges, during his panel on securing the Intenet at the AlwaysOn Stanford Summit. "Moving security all the way to the edge seems to me to be a better solution than giant routers in the center of the network," Gilder said. Of course,  the all optical network hasn't arrived yet, much to Gilder's chagrin.

The discussion among the panelists--John Stewart, vice president and CSO, Corporate Security Programs Organization at Cisco; Greg Pierson, CEO of iovation; Greg Papadopoulos, CTO and EVP of Research and Development at Sun; and Kevin Hassett, Director of Economic Policy Studies at the American Enterprise Institute--was all over the security map, from identity fraud and trusted networks to layered architecutres and routers.

"The biggest threat we have is making the Internet too secure," said Sun's Papadopoulos. "We have the technology and it will evolve, and some startups will make lots of money [solving security problems]. I wish we could do really good digital rights management. It's important that people get to break the law, it's a way of progressing how the law works. If you get absolute control that may stop experimentation in doing derivative works, commenting on other people's content [the Larry Lessig view on digital rights], and that's bad. The other view is that a lot of protocols done in the name of security end up being highly closed, with control in the hands of one company. We see that as a potentially big threat. For example, with the Trusted Platform, who say what is trusted?"

Sun has been evangelizing DReaM, an open standards and open source DRM (digital rights management) technology under the auspices of an organization called the Open Media Commons.

At the same time, engineering work needs to be done on the endpoints, but a lot more work needs to be done to get trust relationships on the Net to support more robust forms of commerce, he added. 

"I don't believe in a single authroity for identity," Papadopoulos said. "It's important to federate and build trust networks. Google, eBay and Microosft should all be successful and be able to peer. The danger is any one of them taking it all over and using the security flag to prevent others from interoperating with their network." Sun is one of the main players in the Liberty Alliance, a consortium focused on establishing standards-based federated networks, similar to how the ATM banking system works.

For Papadopoulos continuous refilling of the leaky security bucket, rather trying to come up with a grand, ultimate solution to all security problems is the preferred path.
Cisco's Stewart said that since the days of castles, layered defenses have always provided the best protection. "Security in its very broad sense should in fact be a component of everything," he said, referring to putting a security device in front of another device to protect it--such as embedding security in a router.

Papadopoulos chimed in again, asserting that security isn't about inside versus outside anymore. "That's the old think. You have to look at how you conduct business, the computer in relation to public spaces, what kind of IP rights there should be and how much should mechanisms be applied to aid in that."

Of course, Papadopoulos isn't prepared to put his medical records on the Internet. "I don't trust the mechanisms on the Internet to allow that level of personal informtion out--it just takes one of the end points to be compromised. Leaky bucket indeed...