Security breaches on networks in both the public and private sector have become such common news events that people are growing numb to them. With this numbness comes a sinking feeling that organizations can no longer trust information technology to deliver economic and social benefits and that sooner or later every machine they own will betray them. But IT professionals can restore confidence in IT infrastructures by building them on a foundation of trustworthy systems.
Four characteristics differentiate trustworthy systems from their generic counterparts:
- Technology vendors build security and reliability into their products from the beginning of the design process. This differs significantly from the “computer as universal machine” concept that treats these features as an add-on to an otherwise security-agnostic device. Rigorous product development takes security into account in all phases of the product life cycle -- specification, design, build, deploy, maintain and retire.
- Products comply with government and industry standards that apply to the customer’s requirements. In the public sector, this includes standards such as FIPS 140-2, FISMA and Common Criteria. Compliance is validated by independent auditors and documentation is made available to customers.
- Manufacturing and delivery supply chains are secure. Vendors ensure the quality of systems, subsystems and components -- manufactured both in-house and by third parties -- as well as the integrity of manufacturing and distribution processes. They also build in authenticity and anti-tamper features that validate the origin of their products.
- Companies make the necessary investment in their people, processes and technologies and take a transparency-first approach to customer relationships. They know that trust is earned by delivering on their promises and that it is very fragile.
Trustworthy systems are the strongest links in an IT infrastructure’s security chain because of built-in features, standards compliance, supply chain integrity and solid business practices. But trustworthiness should not be confused with immunity when it comes to network attacks. These systems are intended to strengthen security practices, not replace them. IT managers need to be smart about their operations and maximize all safeguards. Otherwise, security features become an easily evadable strong point in a weak overall defense.
A trustworthy system does more than just meet minimum standards compliance requirements at the time of purchase. The key is to work with a vendor that meets commitments throughout the product’s life cycle. Transparency is the first and most important characteristic. A company should document all aspects of product development and qualification, standards compliance certifications, and supply chain and manufacturing processes. Industry reputation and customer references are the next checkpoint. What do industry analysts, partners and customers say about a vendor? How does the vendor treat your organization?
IT managers can place trust in a system if they can independently verify the vendor’s claims about its products and can maintain the system’s reliability as technologies, standards and threats evolve. Even then, breakdowns can occur, and the question is whether the system acted up or suffered a successful attack. A track record of trustworthiness creates a baseline from which IT leaders can recognize an internal problem and take appropriate action.
The extra efforts required to design, build, validate and maintain trustworthy products make them more expensive than others. But the added costs are quickly paid back in better reliability and information protection, fewer remedial actions, and higher public confidence in the services these systems deliver. Now that’s worth it.
John N. Stewart is senior vice president for Threat Response Intelligence and Development at Cisco Systems Inc.