IBM backs public key security

Denouncing the lack of vendor commitment to Internet security standards, IBM Corp. yesterday lobbied for widespread adoption of public key infrastructure (PKI) standards at San Jose's RSA Data Security conference.

Under ongoing development at the Internet Engineering Task Force (IETF), PKI standards basically ensure that the people sending and receiving information are in fact who they say they are. In addition, PKI guarantees that the integrity of the data has not been compromised. While the IETF's PKIX standard--donated by IBM last year--has been verbally supported by numerous vendors, there is still a dearth of vendors actually shipping on the standard. "Difficulty in identifying other bodies has hampered the development of e-business," says Jeffrey Jaffe, IBM's general manager of SecureWay. "We want to remove vendor excuses for non-compliance."

Not only does IBM hope to spur increased adoption of PKI standards, it hopes to become a leader in security solutions. During today's keynote, Jaffe outlined Big Blue's security offerings, from its Domino secure server to its Tivoli application management software to its ethical hacking unit, which bombards customer sites to locate security holes. Amid video clips of IBM's pervasive hacker television spots, Jaffe also committed to moving Big Blue's 30 million Lotus Notes users over to the PKIX standard. "Without backers PKI is not going to take off... We are the backer," he says.

In addition, Jaffe took pains to differentiate IBM's end-to-end security offerings from security suites out on the market today. The term "suites," he says, connotes good products bundled with bad products to provide a total solution.

IBM, he says, partners with well-known vendors like Intel, Finjan and RSA Data Security to fill the holes in its security offerings. "You can't provide the best security solution on your own... IBM realises this," says Jaffe.