With the threat landscape continuing to accelerate, IT professionals are looking to a mix of technology, policy and processes to beat the bad guys. It is this technological crime wave that is driving vendors to improve security features in their operating systems (OS).
This includes putting an encryption capability right into the OS. Heavy hitters like HP, Sun and Microsoft have jumped on the bandwagon to offer a greater level of security.
Only this week Hewlett Packard (HP) announced it is enhancing security features on the HP-UX operating system for its Integrity line of servers amid growing customer concern about network security breaches.
HP announced the availability of a free upgrade to HP-UX 11i v2 that automatically encrypts data as it is stored. HP has offered this capability before, but this upgrade puts the encryption capability right into the OS.
"If it's in the operating system, it's easily implemented without needing to do anything, and you're not going to break anything," according to Charles Kolodgy, a research director at IDC focused on secure content and threat management products.
IDC is about to release results of a survey of IT managers on their network security spending priorities for 2007, Kolodgy said. The survey will show that "file and folder encryption" has rocketed to the number one spot, from fifth in the 2006 survey, surpassing common concerns such as firewalls, network intrusion, viruses and spyware.
HP isn't alone. Sun Microsystems has added encryption capabilities to its Solaris OS that it originally offered only on its Trusted Solaris system for sensitive governmental use, Kolodgy said. And Microsoft is including an encryption feature called BitLocker in its new Vista OS.
"They are all attempting to bring these solutions to the end user," he said, but he added that the HP upgrade is improved over prior HP offerings.
HP is also offering an optional embedded chip on its Integrity servers that holds the digital keys to decrypt protected data. It claims this approach is more secure than software-based keys. Also, a new feature called HP Protected Systems allows a network security administrator to isolate certain data in unique compartments and configure different security settings for that data as needed.
Adding encryption capabilities directly to storage hardware can require an expensive upgrade, which enterprises can avoid with an OS upgrade, said Ron Luman, the security architect for HP-UX.
"What we have been asked to do [by customers] is provide something that is transparent to the applications and also transparent to the storage hardware, and so that means doing something to the operating system itself," Luman said.
But not everyone is sold on this emerging trend.