<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss1full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns="http://purl.org/rss/1.0/" xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0"><channel rdf:about="http://trustedcomputinggroup.org/my_duckstory/blog">
		<title>Trusted Computing Group Blog</title><image><title>Trusted Computing Group Blog</title><link>http://trustedcomputinggroup.org</link><url>http://trustedcomputinggroup.org/images/general/logo.png</url></image><link>http://trustedcomputinggroup.org/my_duckstory/blog</link><description>The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices.</description>
		<items>
		<rdf:Seq>
		
		<rdf:li rdf:resource="http://trustedcomputinggroup.org/community/tcg_in_action/community/2009/11/trusted_computing_goes_global_in_october" />
		
		<rdf:li rdf:resource="http://trustedcomputinggroup.org/community/scott_rotondo/community/2009/08/keeping_the_trust_musings_on_trusted_computing_group" />
		
		<rdf:li rdf:resource="http://trustedcomputinggroup.org/community/scott_rotondo/community/2009/08/tpm_goes_international_standard_that_is" />
		
		<rdf:li rdf:resource="http://trustedcomputinggroup.org/community/brian_berger/community/2009/07/google_twitter_and_trust_in_the_cloud" />
		
		<rdf:li rdf:resource="http://trustedcomputinggroup.org/community/bob_thibadeau/community/2009/06/updates_from_the_tiw_cylab_at_carnegie_mellon_university" />
		
		<rdf:li rdf:resource="http://trustedcomputinggroup.org/community/greg__ness/community/2009/05/the_3_major_barriers_to_cloud_computing" />
		
		<rdf:li rdf:resource="http://trustedcomputinggroup.org/community/bob_beliles/community/2009/05/tcg_extends_trust_and_security_to_networked_physical_security_yields_physical_and_logical_world_dividends" />
		
		<rdf:li rdf:resource="http://trustedcomputinggroup.org/community/greg__ness/community/2009/05/signs_of_trouble_in_the_network" />
		
		<rdf:li rdf:resource="http://trustedcomputinggroup.org/community/paul_sangster/community/2009/05/trusted_network_connect_security_anytime_anywhere_on_any_device" />
		
		<rdf:li rdf:resource="http://trustedcomputinggroup.org/community/matt__webster/community/2009/05/taking_the_it_out_of_complexity" />
		
		</rdf:Seq>
		</items>
		<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" href="http://feeds.feedburner.com/TrustedComputingGroupBlog" type="application/rss+xml" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com" /></channel>
		<item rdf:about="http://trustedcomputinggroup.org/community/tcg_in_action/community/2009/11/trusted_computing_goes_global_in_october">
		<title>Trusted Computing Goes Global in October - TCG</title>
		<description>&lt;p&gt;Hello to those in the computing and security communities. TCG continues to work to improve the security of computing. Not only do we develop specifications based on input from 100+ member companies, we also do a significant amount of education and outreach on the specifications and how they can be used. Here is a quick rundown of some recent efforts, with links to more detail:&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;RSA Europe: Oct. 20-22, TCG and member companies General Dynamics C4 Systems, Great Bay Software, Lumeta and Wave Systems hosted demos, including the first demonstration of High-Assurance Platforms (HAP) from the U.S. National Security Agency running multiple operating systems with multiple security domains. Not familiar with the HAP program? Read more about the &lt;a href="http://www.nsa.gov/ia/programs/h_a_p/index.shtml"&gt;High Assurance Platform Program&lt;/a&gt;. In short, this is &amp;quot;a multi-year NSA program with the vision to define a framework for the development of the &amp;quot;next generation&amp;quot; of secure computing.&amp;quot; The program is using Trusted Platform Modules, Trusted Network Connect and other TCG specifications. Complete descriptions of the TCG demos can be found &lt;a href="http://www.trustedcomputinggroup.org/media_room/events/past_events"&gt;here&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;If the TPM, TNC and other TCG specifications are in use at the NSA, should you consider using them to protect your systems, network and data?&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Also at RSA, a real user of Trusted Computing spoke on his experiences. Carlos da Silva is with European integrator SureSkills, and he shared his best practices and checklists for implementing a project for data protection, using self-encrypting drives (based on TCG specifications). 
&amp;quot;&lt;b&gt;&lt;a href="http://www.trustedcomputinggroup.org/files/static_page_files/728F57B4-1D09-3519-AD9D0859D0E0DCB6/RSA%20Presentation%202009_Carlos.pdf"&gt;Integrating Trusted Computing Technology in the Enterprise&lt;/a&gt;&lt;/b&gt;&amp;quot; was presented during the Customer Case Study Session.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Another interesting new twist in security is the convergence of physical security with IT security. TCG member Hirsch Electronics has been active on this front, demonstrating how employee access into a building can be directly tied to network access and security. Recently, at a leading physical security conference, Hirsch demonstrated this capability, which uses TNC specifications. A recent article also highlights key aspects of this convergence and how TNC-based systems and physical security systems work together. Learn more from TCG member Bob Beliles's article &amp;quot;&lt;b&gt;&lt;a href="http://secprodonline.com/articles/2009/10/19/extending-trust.aspx"&gt;Extending Trust and Security&lt;/a&gt;&lt;/b&gt;.&amp;quot; TCG's &lt;a href="http://www.trustedcomputinggroup.org/files/static_page_files/52626B52-1D09-3519-AD652786E5FC7127/TCG_final_brochure.pdf"&gt;TNC Everywhere: Pervasive Security Brochure&lt;/a&gt; describes in detail how Hirsch does this.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Any doubts that TCG is a global organization? Last month, Steve Hanna of Juniper Networks, co-chair of the Trusted Network Connect work group, traveled to India to speak to attendees of Interop Mumbai. The well-attended event attracted ICT vendors and users from all over the country. 
Steve's presentation, &amp;quot;&lt;a href="http://www.trustedcomputinggroup.org/files/resource_files/4A93E598-1D09-3519-ADEA4CC31E4BD643/Coordinated%20Security%202009-10-08.pdf"&gt;&lt;b&gt;Coordinated Security: A New Paradigm&lt;/b&gt;&lt;/a&gt;,&amp;quot; described using Trusted Computing to secure data, systems and networks.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Watch this space for more updates, news and resources, and don't forget to check us out on Twitter (TrustedComputin) and on LinkedIn, in the Trusted Computing Group!&lt;/p&gt;</description>
		<link>http://feedproxy.google.com/~r/TrustedComputingGroupBlog/~3/2z2xKhKzBLU/trusted_computing_goes_global_in_october</link>
		<dc:date>2009-11-03T00:00:00-08:00</dc:date>
		<dc:subject>Blog</dc:subject>
		<feedburner:origLink>http://trustedcomputinggroup.org/community/tcg_in_action/community/2009/11/trusted_computing_goes_global_in_october</feedburner:origLink></item><item rdf:about="http://trustedcomputinggroup.org/community/scott_rotondo/community/2009/08/keeping_the_trust_musings_on_trusted_computing_group">
		<title>Keeping the Trust: Musings on Trusted Computing Group - Scott</title>
		<description>&lt;p&gt;While the tech industry seems to go silent in August with vacations and a lull in events, the Trusted Computing Group continues to move forward to advocate trusted platforms that take advantage of a hardware root of trust. This summer, we have seen much activity around self-encrypting drives. Did you catch the recent &lt;a href="http://www.engadget.com/2009/04/16/samsung-comes-clean-with-self-encrypting-%20ssds/"&gt;announcement&lt;/a&gt; of the first self-encrypting solid-state drives, from TCG member Samsung?&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Another TCG member, Dell, is using these with member Wave's software to ensure that data is protected against loss and theft, and the TPM protects keys from attack. Other TCG members continue producing self-encrypting hard drives, and this month, Dr. Marco Sanvido of TCG member Hitachi addresses the &lt;a href="http://www.trustedcomputinggroup.org/media_room/events/24"&gt;Flash Memory Summit&lt;/a&gt; about TCG specifications for use in future self-encrypting flash drives.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;On the network security front, our very own Steve Hanna has been invited to deliver a keynote address at Interop Mumbai, Oct. 7-9. India is one of the world's leading IT markets, and this is an exciting venue to share information about TCG's Trusted Network Connect specifications and how they're being used.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Speaking of world markets, inside our organization, we are delighted to announce the appointment of Jing De Jong-Chen of Microsoft as vice president of TCG. Jing is director of government security at Microsoft and works with IT and government security experts around the globe on the latest developments in securing data, systems and networks. 
Jing's impressive &lt;a href="http://www.trustedcomputinggroup.org/about_tcg/board_of_directors/jing_de_jongchen"&gt;bio&lt;/a&gt; can be found on TCG's site.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;We also are thrilled that we can work daily with TCG treasurer Boris Balacheff, HP Labs Systems Security Lab, Hewlett-Packard. Boris works in the UK for HP's European research labs and is widely experienced with TCG technology going back to his contributions to the design of the first TPM specifications. Today, besides providing critical governance for TCG money matters, he co-chairs the Certification Program Committee that recently delivered the first TCG Certification Program for TPM v1.2.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;For those tracking the TPM certification program, &lt;a href="http://www.trustedcomputinggroup.org/media_room/news/35"&gt;announced in June&lt;/a&gt;, members are signing up for the program and we hope to publish a list of certified products soon. The certification program will demonstrate security and correctness of specification implementations and will give buyers an easily identifiable way to ensure consistency, interoperability and security of products. Stay tuned for news on our next effort: certification of products using Trusted Network Connect specifications.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Many in the international developer community were cheered by our recent announcement of &lt;a href="http://www.trustedcomputinggroup.org/media_room/news/69"&gt;ISO standardization for the TPM&lt;/a&gt;.&lt;/p&gt;</description>
		<link>http://feedproxy.google.com/~r/TrustedComputingGroupBlog/~3/W_bvKQSW7t8/keeping_the_trust_musings_on_trusted_computing_group</link>
		<dc:date>2009-08-18T00:00:00-08:00</dc:date>
		<dc:subject>Blog</dc:subject>
		<feedburner:origLink>http://trustedcomputinggroup.org/community/scott_rotondo/community/2009/08/keeping_the_trust_musings_on_trusted_computing_group</feedburner:origLink></item><item rdf:about="http://trustedcomputinggroup.org/community/scott_rotondo/community/2009/08/tpm_goes_international_standard_that_is">
		<title>TPM Goes International (Standard, That Is) - Scott</title>
		<description>&lt;p&gt;It's official! The Trusted Computing Group's &lt;a href="http://www.trustedcomputinggroup.org/developers/trusted_platform_module"&gt;Trusted Platform Module&lt;/a&gt; has been named an international standard (ISO/IEC 11889) by &lt;a href="http://www.iso.org/iso/home.htm"&gt;ISO&lt;/a&gt;, the International Organization for Standardization.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;ISO, as many of you know, is the world's largest developer and publisher of international standards, with participation from experts in 161 countries, and is considered the leader in standardization.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Why does it matter if the TPM is now an ISO standard? After all, the TPM has been a successful TCG standard for more than five years. It was created with input from dozens of technology companies worldwide and is in use now in hundreds of millions of PCs and embedded systems, where it provides authentication and attestation rooted in hardware: the chain of trust starts from a component that software running on the platform cannot silently modify, which a software-only scheme cannot offer. The TPM plays a key role in securing networks and data and provides additional security to other specifications created by TCG, like Trusted Network Connect and Trusted Storage.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Nevertheless, adoption by ISO represents a vital endorsement of the TPM standard we have produced. ISO is recognized by governments worldwide as the go-to body for formal international standards, and inclusion of the TPM in the ISO standards portfolio provides governments and developers with assurance of the quality and longevity of the specification. Ratification by ISO also demonstrates the true international acceptance of the TPM specification. Read more in our &lt;a href="http://www.trustedcomputinggroup.org/media_room/news/69"&gt;news release&lt;/a&gt; about this event. 
&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;As an ISO specification, the TPM is truly a worldwide standard, and we hope that with this news, market acceptance and usage of the TPM will continue to broaden. Congratulations to the many individuals who have contributed to this effort and to our members who have worked hard over the last few years to make this announcement possible.&lt;/p&gt;</description>
		<link>http://feedproxy.google.com/~r/TrustedComputingGroupBlog/~3/ypkygIfTd0Q/tpm_goes_international_standard_that_is</link>
		<dc:date>2009-08-05T00:00:00-08:00</dc:date>
		<dc:subject>Blog</dc:subject>
		<feedburner:origLink>http://trustedcomputinggroup.org/community/scott_rotondo/community/2009/08/tpm_goes_international_standard_that_is</feedburner:origLink></item><item rdf:about="http://trustedcomputinggroup.org/community/brian_berger/community/2009/07/google_twitter_and_trust_in_the_cloud">
		<title>Google, Twitter and Trust in the Cloud - Brian</title>
		<description>&lt;p&gt;This week brings yet another round of security incidents, including the news that some confidential business documents from Twitter were accessed via Google&amp;rsquo;s Apps service, delivered through the cloud. Here at Trusted Computing Group, we continue to be amazed at how users and enterprises do not use commonly available and inexpensive solutions to enable trust &amp;ndash; trust that would help prevent many security leaks and protect data.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;For example, if users enabled their Trusted Platform Modules, or TPMs, to protect critical information including their log-in information, many such attacks would be thwarted. The TPM protects user credentials with a secret that is stored in the TPM. Releasing a credential to a website requires the user to authenticate to the TPM, which then releases the credential for that service only. The TPM is included now in most every enterprise notebook and desktop PC, along with various software applications to enable and manage it.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;The second and maybe more interesting opportunity is for web service providers to recognize machine authentication as a useful and mandatory step before users gain access to services to which they subscribe. As an example, a user could authenticate to their credentials protected by the TPM, the machine could authenticate to a service, and the service provider could then verify, via attestation, that the machine asking for access is an authorized machine with an authorized user. This would provide higher assurance for the ecosystem participants, since both access and credentials would be authorized by the user and by the service provider.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;All of us do this every day in the real world when we physically buy a good or service. 
Everyone in the physical world provides some level of authentication when they acquire some sort of good or service. We should do the same in the digital world. The cable TV market figured this out a long time ago. They decided that set-top boxes should have an authentication token and credential so that the consumer receives services on an authorized machine. Cable providers also determined that the service was controlled by the consumer's ability to pay for that service. What do we have? A service that works when requested, a service provider that is pleased because authorized users receive the service, and an ecosystem that is satisfied.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;The PC is an enormously powerful device that can work just like a cable box, or as a services platform on which users and providers have a trusted relationship that shuts out the third party trying to disrupt, steal and interrupt service for consumers who just want what they want: a platform that provides services on demand, when they want them.&lt;/p&gt;</description>
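The two-step admission the post sketches (the user authenticates to a TPM-held credential, the machine proves its state to the service, and the service checks both) as an added Go example. This is not code from the post or from TCG. The TPM is simulated in software, the attestation key is a freshly generated P-256 key, the user credential is a service-specific shared secret held behind a PIN, and the measurements, PIN and credential are constructed values. A real deployment would use the TPM's own quote and key-hierarchy commands and would verify the attestation key's certificate chain at enrollment, which is omitted here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// simTPM stands in for a TPM (assumption: a real TPM keeps all of this in hardware): a PCR
// bank, an attestation key (AK) that never leaves the device, and a service credential used
// only after the user proves the TPM auth value (a PIN).
type simTPM struct {
	pcrs     [4][32]byte
	ak       *ecdsa.PrivateKey
	userAuth [32]byte
	userCred []byte
}

// Extend is the one-way PCR update PCR = H(PCR || measurement): a PCR can be
// extended but never set, which lets a verifier recognise a known-good boot path.
func (t *simTPM) Extend(idx int, measurement []byte) {
	h := sha256.New()
	h.Write(t.pcrs[idx][:])
	h.Write(measurement)
	copy(t.pcrs[idx][:], h.Sum(nil))
}
// quoteDigest binds the PCR bank to the verifier's nonce so a captured quote cannot be replayed.
func quoteDigest(pcrs [4][32]byte, nonce []byte) []byte {
	h := sha256.New()
	h.Write(nonce)
	for _, p := range pcrs {
		h.Write(p[:])
	}
	return h.Sum(nil)
}
// Quote reports the PCRs plus an AK signature over them and the nonce.
func (t *simTPM) Quote(nonce []byte) ([4][32]byte, []byte, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, t.ak, quoteDigest(t.pcrs, nonce))
	return t.pcrs, sig, err
}
// ReleaseCredential is the user step: only the right PIN yields a nonce-bound proof from the TPM-held credential.
func (t *simTPM) ReleaseCredential(pin string, nonce []byte) ([]byte, bool) {
	got := sha256.Sum256([]byte(pin))
	if subtle.ConstantTimeCompare(got[:], t.userAuth[:]) != 1 {
		return nil, false
	}
	m := hmac.New(sha256.New, t.userCred)
	m.Write(nonce)
	return m.Sum(nil), true
}
// Service is the relying party; it holds what enrollment recorded for the machine.
type Service struct {
	akPub    *ecdsa.PublicKey
	goldPCRs [4][32]byte
	userCred []byte
}
// Admit is the combined check the post describes: a fresh nonce, an AK-signed quote
// matching the enrolled platform state, and a user credential proof for that nonce.
func (s Service) Admit(t *simTPM, pin string) (bool, string) {
	nonce := make([]byte, 16)
	rand.Read(nonce)
	pcrs, sig, err := t.Quote(nonce)
	if err != nil || !ecdsa.VerifyASN1(s.akPub, quoteDigest(pcrs, nonce), sig) {
		return false, "quote missing or not signed by the enrolled AK"
	}
	if pcrs != s.goldPCRs {
		return false, "platform state differs from enrolled state"
	}
	proof, ok := t.ReleaseCredential(pin, nonce)
	want := hmac.New(sha256.New, s.userCred)
	want.Write(nonce)
	if !ok || !hmac.Equal(proof, want.Sum(nil)) {
		return false, "user did not authenticate to the TPM, or credential mismatch"
	}
	return true, "authorized machine with authorized user"
}
// demo: enroll a machine with constructed measurements, then try the good case, a wrong PIN, and post-enrollment drift.
func demo() (good, wrongPin, drifted bool) {
	ak, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	t := new(simTPM)
	t.ak, t.userAuth, t.userCred = ak, sha256.Sum256([]byte("1234")), []byte("constructed-cred")
	for i, m := range []string{"firmware v1", "bootloader v1", "os kernel v1"} {
		t.Extend(i, []byte(m))
	}
	svc := Service{akPub: ak.Public().(*ecdsa.PublicKey), goldPCRs: t.pcrs, userCred: t.userCred}
	good, _ = svc.Admit(t, "1234")
	wrongPin, _ = svc.Admit(t, "0000")
	t.Extend(2, []byte("unsigned kernel module")) // boot chain drifts after enrollment
	drifted, _ = svc.Admit(t, "1234")
	return good, wrongPin, drifted
}
func main() { fmt.Println(demo()) }
```

Running it prints `true false false`: an enrolled machine with the correct PIN is admitted, a wrong PIN is refused even though the platform is fine, and a platform whose boot chain changed after enrollment is refused even with the right PIN, because a PCR can only be extended, never rewound to the golden value. Note that the nonce is chosen by the service and covered by both the quote signature and the credential proof, so neither artifact can be replayed from an earlier session.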
		<link>http://feedproxy.google.com/~r/TrustedComputingGroupBlog/~3/-DCKFfNnFqU/google_twitter_and_trust_in_the_cloud</link>
		<dc:date>2009-07-16T00:00:00-08:00</dc:date>
		<dc:subject>Blog</dc:subject>
		<feedburner:origLink>http://trustedcomputinggroup.org/community/brian_berger/community/2009/07/google_twitter_and_trust_in_the_cloud</feedburner:origLink></item><item rdf:about="http://trustedcomputinggroup.org/community/bob_thibadeau/community/2009/06/updates_from_the_tiw_cylab_at_carnegie_mellon_university">
		<title>Updates from the TIW Cylab at Carnegie Mellon University - Bob</title>
		<description>&lt;p&gt;For the last couple of years I have given a presentation at a workshop in Europe called the European Trust Infrastructure Summer School, which seemed like a great idea.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;They brought in Ph.D. students from all over Europe to learn how to actually program Trusted Platform Modules, both real and virtual ones. They also came to hear about more advanced technologies such as TCG self-encrypting drives and TPM virtualization. The event runs for a whole week, with all meals and lodging, day and night. A substantial number of the Ph.D. students get a full scholarship to the event.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;To make a long story short, with financial help from NSF, NSA, HP, IBM, Seagate, and Sun, we are in the middle of the event for North America. Over a hundred Ph.D. students are here at CyLab at Carnegie Mellon University, and the workshop concept works here, too! The venue is not just to talk TCG, but to present and discuss many alternatives to the TCG solutions as well as how the TCG solutions compete and complement. We have in-depth talks from many of the best dissenters, including Ruby Lee from Princeton and Adrian Perrig from CMU, but also key talks from TPM experts David Grawrock and Dave Challener presenting the community with what TPMs actually do. The dialogue is great and with so many great speakers, great labs, and Ph.D. students, the discussion is getting livelier and livelier. I have long believed that if people on different sides of the fence can inform each other in an academic environment, much can happen, and it looks like it's happening. Thanks to ETISS in Europe for inventing this one, but we can bring more Ph.D. students to the party!&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;See &lt;a href="http://www.cylab.cmu.edu/tiw"&gt;www.cylab.cmu.edu/tiw&lt;/a&gt; for the U.S. event information and &lt;a href="http://www.softeng.ox.ac.uk/etiss/index.html"&gt;http://www.softeng.ox.ac.uk/etiss/index.html&lt;/a&gt; for the most recent European one.&lt;/p&gt;</description>
		<link>http://feedproxy.google.com/~r/TrustedComputingGroupBlog/~3/PZxH8obVPBQ/updates_from_the_tiw_cylab_at_carnegie_mellon_university</link>
		<dc:date>2009-06-11T00:00:00-08:00</dc:date>
		<dc:subject>Blog</dc:subject>
		<feedburner:origLink>http://trustedcomputinggroup.org/community/bob_thibadeau/community/2009/06/updates_from_the_tiw_cylab_at_carnegie_mellon_university</feedburner:origLink></item><item rdf:about="http://trustedcomputinggroup.org/community/greg__ness/community/2009/05/the_3_major_barriers_to_cloud_computing">
		<title>The 3 Major Barriers to Cloud Computing - Greg </title>
		<description>&lt;p&gt;I recently posted about the &lt;a href="http://gregness.wordpress.com/2009/05/08/the-dizzying-economic-of-cloud-computing/"&gt;Dizzying Economics of Cloud Computing&lt;/a&gt; when it occurred to me that the technological barriers must be equally mystifying for many. So I thought I would initiate a discussion about the barriers to the adoption of cloud computing by the enterprise.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;At stake are the valuations of a gathering storm of public companies in technology, from Cisco, Juniper, F5 Networks, VMware, IBM, Microsoft and Citrix to advertising player Google and bookseller Amazon.&amp;nbsp; The shape of adoption and growth will be impacted by how these barriers are addressed.&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;As I mentioned in &amp;quot;Dizzying Economics...&amp;quot; there is a business case war coming between the current cloud providers and the enterprise IT world.&amp;nbsp; As these barriers are broken with innovation, cloud will move from consumer and SMB (small and medium business) into larger and larger enterprise deployments.&amp;nbsp; As a networking pundit, I see the three barriers from a network-centric perspective, from network security to the physical network and network management requirements.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;Cloud Will Depend on New Approaches to Security&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;The biggest payoff of cloud computing comes from its potential to consolidate millions of servers (and the considerable amount of management and energy expenses) into dynamic meshes that can be created on demand, transforming IT from hardware-bound silos into just-in-time IT services delivered at any time from the most advantageous location.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;Yet each one of those silos today is protected by a variety of mostly static security technologies.&amp;nbsp; There are 
few viable solutions to the movement and change enabled by VMotion, or the ability of a server to move to its most cost-effective location at the time it is spun up.&amp;nbsp; And most of those solutions were architected for specialized hardware, not commodity blade servers.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;Today's network security solutions were simply not architected to keep up with the movement required for cloud to deliver on its promise of consolidation and cost efficiencies.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;Yet without that movement, cloud just becomes another silo with tactical automation.&amp;nbsp; One of my favorite blogs for cloud security is &lt;a href="http://www.rationalsurvivability.com/blog/"&gt;Chris Hoff's blog&lt;/a&gt;.&amp;nbsp; Rather than drag you through the issues, check it out.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;VMware purchased my alma mater Blue Lane Technologies last year.&amp;nbsp; I think it was a smart move to address the emerging needs of its data center customers lured by the promise of cloud computing.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;Cloud Can Break Static Networks&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;This year there has been a surge of content about &lt;a href="http://www.infra20.com/"&gt;Infrastructure 2.0&lt;/a&gt; or dynamic infrastructure.&amp;nbsp; Out of the discussion have come some interesting comments by conversation participants, from Cisco's Doug Gourlay and &lt;a href="http://www.infra20.com/post.cfm/infrastructure-2-0-and-the-new-data-center-culture-1"&gt;James Urquhart&lt;/a&gt; to F5's Erik Giesa and &lt;a href="http://www.infra20.com/post.cfm/ovf-a-few-layers-short-of-a-full-stack"&gt;Lori MacVittie&lt;/a&gt; and VMware's &lt;a href="http://www.infra20.com/post.cfm/cloud-computing-changes-everything"&gt;Mark Thiele&lt;/a&gt;.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;The network 
effects of cloud computing, which broke through the noise at a &lt;a href="http://blogs.cisco.com/datacenter/comments/the_network_the_final_frontier_for_cloud_computing/"&gt;Cisco data center blog&lt;/a&gt; in December 2008, kicked off a discussion of multiple issues, from network switching to network management challenges.&amp;nbsp; Cisco's Gourlay will be talking about the impact of cloud on the network at the exclusive, &amp;quot;thought leaders only&amp;quot; &lt;a href="http://www.futureinreview.com/"&gt;FIRE Conference&lt;/a&gt; later this month in San Diego.&amp;nbsp; Don't expect him to pull any punches.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;The physical hardware switching issues are being addressed, but the leading players are by no means finished with what needs to be done to enable the pulsing fabric needed to ensure the cloud's integrity and business case promise.&amp;nbsp; There has been an exciting and relevant string of announcements, including Cisco's &lt;a href="http://www.networkworld.com/community/node/39770"&gt;UCS&lt;/a&gt;, VMware's (8 blade) &lt;a href="http://www.vmware.com/solutions/cloud-computing/"&gt;cloud OS&lt;/a&gt;, and the Citrix/Xen/KVM &lt;a href="http://www.rationalsurvivability.com/blog/?p=865"&gt;virtual networking stack&lt;/a&gt;, not to mention the Juniper and IBM &lt;a href="http://blogs.zdnet.com/BTL/?p=12578"&gt;global cloud push&lt;/a&gt;.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;Network Automation is Critical&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;With increased movement and growing legions of connected devices (from netbooks to multifunction cell phones and traffic-rich gadgets), there is a burgeoning need for networks to move from manual configuration to automation of menial and high-risk tasks.&amp;nbsp; There is therefore a host of appliances that are likely to get grouped from the current Wild West into a single category because of their ability to 
automate the management of networks.&amp;nbsp; They include &lt;a href="http://www.infoblox.com/solutions/ip-address-management.cfm"&gt;IP address management&lt;/a&gt; and &lt;a href="http://www.infoblox.com/solutions/dns-appliance-overview.cfm"&gt;DNS appliance&lt;/a&gt; offerings, in addition to &lt;a href="http://www.infoblox.com/solutions/overview-portiq-solution.cfm"&gt;network monitoring&lt;/a&gt; gear.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;Infoblox (my employer) is approaching the network effects of the cloud by leveraging its expertise in core network services such as &lt;a href="http://www.infoblox.com/solutions/dns_best_practices.cfm"&gt;DNS&lt;/a&gt; to deliver an integrated Grid technology solution, while others are offering specialized subsets with (I suspect) the longer-term intention of being bundled into broader offerings.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;As the cloud and the enterprises adopting it tear down silos, one-trick-pony solutions (including freeware) will face an uphill battle for relevancy.&amp;nbsp; That is why I left Blue Lane during the VMware acquisition for Infoblox.&amp;nbsp; CIOs are about to discover the significance of the network and core network services to unleashing the power of cloud.&amp;nbsp; On-demand IT services will require unprecedented levels of automation and integrity.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;The nature and extent of how the tech leaders address security, physical infrastructure and network management barriers will impact their market valuations and growth potential.&amp;nbsp; You can expect a fresh round of partnerships, acquisitions and startups to reignite the tech sector as the economy stabilizes and enterprises shift to making strategic new investments.&lt;/p&gt;  &lt;p&gt;&amp;nbsp;&lt;/p&gt;  &lt;p&gt;I am a senior director at &lt;a href="http://www.infoblox.com/"&gt;Infoblox&lt;/a&gt;. 
You can follow my comments in real time at &lt;a href="http://www.twitter.com/archimedius"&gt;www.twitter.com/archimedius&lt;/a&gt; or catch the conversation as it happens at &lt;a href="http://www.infra20.com/"&gt;www.infra20.com&lt;/a&gt;.&lt;/p&gt;</description>
		<link>http://feedproxy.google.com/~r/TrustedComputingGroupBlog/~3/84Ggc7DKwHw/the_3_major_barriers_to_cloud_computing</link>
		<dc:date>2009-05-28T00:00:00-08:00</dc:date>
		<dc:subject>Blog</dc:subject>
		<feedburner:origLink>http://trustedcomputinggroup.org/community/greg__ness/community/2009/05/the_3_major_barriers_to_cloud_computing</feedburner:origLink></item><item rdf:about="http://trustedcomputinggroup.org/community/bob_beliles/community/2009/05/tcg_extends_trust_and_security_to_networked_physical_security_yields_physical_and_logical_world_dividends">
		<title>TCG Extends Trust and Security to Networked Physical Security Yields Physical and Logical World Dividends - Bob</title>
		<description>&lt;p&gt;With the ongoing connection (convergence) of physical security systems (physical intrusion detection, physical access control, and video surveillance) to networks, all organizations should recognize both the opportunity to use physical security data in new ways and the need to apply proper security measures to protect these devices and the network itself, much like any other network-connected computing device.&lt;/p&gt;&lt;p&gt;Regardless of whether these systems are placed on a separate IP network or share a common network infrastructure with other business systems, experience has repeatedly shown that the potential for system and network compromise must be mitigated so that malware, viruses, denial of service and other attacks do not affect any mission-critical system or application. The Trusted Computing Group has addressed these problems in its Trusted Network Connect (TNC) specifications. Until now, there has been no standard way to implement this functionality.&lt;br /&gt;&lt;br /&gt;In particular, TNC's IF-MAP (Interface for Metadata Access Points) is a simple, openly available way for all vendors, including physical security system vendors, to enable communication among any sort of device on the network. When implemented, IF-MAP lets devices publish status, events, other activity and anomalies to a shared metadata server and search what other devices have published there. As a result, administrators can implement new policies that enhance both physical and network security and compliance (for example, establishing physical presence in a given location as a prerequisite for network access), as well as track activity and set policies to monitor and quarantine such devices, or take other action. 
&amp;nbsp;As a  result, the activity and usage of all devices can be coordinated and information  shared for more secure and effective physical facility and logical system  management.&lt;br /&gt;&lt;br /&gt;Here this week at Interop, in Booth #869, TCG is showing  network security in 5 key areas: the employee cubicle, the conference room/guest  user, remote workers, the data center and the factory floor. &amp;nbsp;Physical security  plays in several of these. For example, we are showing:&lt;br /&gt;&lt;br /&gt;In the  employee cubicle, TNC interfaces enable location, identity, endpoint health and  behavior-based access control decisions, including for unmanaged devices.  Integration with physical security access control using contact and contactless  smart card readers also is shown.&lt;br /&gt;&lt;br /&gt;TNC-based technology  interoperates to provide appropriate access for conference room users, including  visitors, partners, contractors, employees, and privileged employees, based on  their identity, physical presence, endpoint compliance, role, and  behavior.&lt;br /&gt;&lt;br /&gt;Come by to see these and other demos or check out more  information at &lt;a href="http://www.trustedcomputinggroup.org/resources/interop_las_vegas_2009_press_kit" title="http://www.trustedcomputinggroup.org/resources/interop_las_vegas_2009_press_kit"&gt;http://www.trustedcomputinggroup.org/resources/interop_las_vegas_2009_press_kit&lt;/a&gt;  &lt;/p&gt;&lt;img src="http://feeds.feedburner.com/~r/TrustedComputingGroupBlog/~4/6LK1DhLrOAk" height="1" width="1"/&gt;</description>
		<link>http://feedproxy.google.com/~r/TrustedComputingGroupBlog/~3/6LK1DhLrOAk/tcg_extends_trust_and_security_to_networked_physical_security_yields_physical_and_logical_world_dividends</link>
		<dc:date>2009-05-26T00:00:00-08:00</dc:date>
		<dc:subject>Blog</dc:subject>
		<feedburner:origLink>http://trustedcomputinggroup.org/community/bob_beliles/community/2009/05/tcg_extends_trust_and_security_to_networked_physical_security_yields_physical_and_logical_world_dividends</feedburner:origLink></item><item rdf:about="http://trustedcomputinggroup.org/community/greg__ness/community/2009/05/signs_of_trouble_in_the_network">
		<title>Signs of Trouble in the Network - Greg </title>
		<description>&lt;p&gt;Static networks are already costing enterprises more on a per-unit basis as they grow, per this Fall 2008 Computerworld survey.** Increasing network costs will only reduce funds available for network automation. This recent TCO comparison between Google and Microsoft is just the beginning of the business case war to be fought on the network over who will have the new IT factories in their cities.&lt;/p&gt;&lt;p&gt;As networks get larger and more complex, the manual labor costs escalate and they become even more brittle. Ever higher levels of expense and delay are required for the simplest changes. People become committees, and committees develop checklists and policies. The static network, the very transport fabric for the cloud, exacts ever-increasing taxes on every change, like a bloated bureaucracy. Imagine legions of IT workers manually tracking moving apps and endpoints, like the operators of yesteryear connecting callers with called.&lt;/p&gt;&lt;p&gt;Instead of evolution, CIOs who continue to invest in the outdated status quo will experience revolution as the coming cloud TCO pressures (and eventually availability pressures) force capitulation.&lt;/p&gt;&lt;p&gt;We're not there yet, because cloud for the enterprise has substantial technical hurdles. Yet the business case for addressing those hurdles is so powerful that they will be overcome. The signs of network automation (from management to monitoring and dynamic intelligence) emerging to address the core of the cloud network disconnect are already here.&lt;/p&gt;&lt;p&gt;&lt;b&gt;Critical Solutions Emerge and Gain Traction&lt;/b&gt;&lt;/p&gt;&lt;p&gt;There is currently a wild west of &lt;a href="http://www.infoblox.com/solutions/overview-portiq-solution.cfm"&gt;network monitoring&lt;/a&gt; and &lt;a href="http://www.netqos.com/Google/npc_offers/?gclid=COaOvcynppoCFQkzawodYGEL8w"&gt;network management&lt;/a&gt; tools available (in addition to solutions for &lt;a href="http://www.infoblox.com/solutions/ip-address-management.cfm"&gt;IP address management&lt;/a&gt; and integrated &lt;a href="http://www.infoblox.com/solutions/overview-dns-appliance.cfm"&gt;DNS appliances&lt;/a&gt;) for automating routine, yet often high-risk, manual tasks. While many enterprises still rely upon network management practices that reflect the way businesses worked before the network, some have started the innovation process. As enterprises increase their adoption of network automation tools, this wild west of solutions will consolidate into a handful of companies with robust products that address both current and emerging cloud challenges.&lt;/p&gt;&lt;p&gt;Then there is the promise of &lt;a href="http://www.infoblox.com/solutions/pdf/IFMAP_faq.pdf"&gt;IF-MAP&lt;/a&gt;, which is rumored to be part of a series of live demos at &lt;a href="http://www.interop.com/lasvegas/"&gt;Interop&lt;/a&gt; later this month. IF-MAP could unleash new levels of pervasive security for automated networks, as it could deliver an important part of the connectivity intelligence required for the coming reinvention of IT.&lt;/p&gt;&lt;p&gt;&lt;b&gt;System Innovation Drives Higher Velocities of Change&lt;/b&gt;&lt;/p&gt;&lt;p&gt;When systems and endpoints move, how will they be tracked? If you're thinking spreadsheets and larger populations of network administrators, think again. How many ports were used in the last week versus how many are available for use? Is that data even tracked before switch orders are placed?&lt;/p&gt;&lt;p&gt;As VMware, Microsoft and Citrix break the VLAN barrier, those still left managing networks with spreadsheets will face rapidly escalating costs and rising availability risks. They will be the laggards most susceptible to cloudsourcing.&lt;/p&gt;&lt;p&gt;&lt;b&gt;Network Innovation Will Have to Catch Up with System Innovation&lt;/b&gt;&lt;/p&gt;&lt;p&gt;The deployment of enterprise-grade clouds will require as much innovation within the network as has been introduced into systems by the &lt;a href="https://www.vmware.com/tryvmware/?p=esxi"&gt;hypervisor&lt;/a&gt; and various &lt;a href="http://www.vmware.com/appliances/"&gt;virtualization/cloud partner ecosystems&lt;/a&gt;. Yet until recently most CIOs have focused on the tactical gains of converting racks of servers into VLAN racks. As those CIOs bump into network issues, including IPv6, accelerated change and the continued growth of endpoints (see the &lt;a href="http://www.infra20.com/post.cfm/the-three-horsemen-of-the-coming-network-revolution"&gt;Infrastructure 2.0&lt;/a&gt; blog on &amp;quot;The Three Horsemen...&amp;quot;).&lt;/p&gt;&lt;p&gt;That is why I'm generally bullish on networking companies (and their partners) that embrace or promote automation as a way to enhance the business case for capital spending and make enterprise networks more powerful and economical. These leaders, including Cisco and F5 Networks, along with VMware and IBM on the virtualization and system management side, are starting a dialogue and offering new solutions. Check out, for example, the recently announced Cisco &lt;a href="http://www.cisco.com/en/US/solutions/ns340/ns339/ns638/ns914/html_TWTV/twtv_episode_43.html"&gt;UCS&lt;/a&gt; and VMware's (eight blade) &lt;a href="http://www.vmware.com/products/vsphere/index.html"&gt;cloud OS&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;I am a senior director at Infoblox. You can follow my comments in real time at &lt;a href="http://www.twitter.com/archimedius"&gt;www.twitter.com/archimedius&lt;/a&gt; or join the conversation at &lt;a href="http://www.infra20.com/"&gt;www.infra20.com&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;** Source: http://www.infra20.com/post.cfm/large-enterprises-paying-heavily-as-networks-grow&lt;/p&gt;</description>
		<link>http://feedproxy.google.com/~r/TrustedComputingGroupBlog/~3/HUKr9-tuQ2U/signs_of_trouble_in_the_network</link>
		<dc:date>2009-05-18T00:00:00-08:00</dc:date>
		<dc:subject>Blog</dc:subject>
		<feedburner:origLink>http://trustedcomputinggroup.org/community/greg__ness/community/2009/05/signs_of_trouble_in_the_network</feedburner:origLink></item><item rdf:about="http://trustedcomputinggroup.org/community/paul_sangster/community/2009/05/trusted_network_connect_security_anytime_anywhere_on_any_device">
		<title>Trusted Network Connect: Security Anytime, Anywhere on Any Device  - Paul</title>
		<description>&lt;p&gt;Today, May 18th, the TNC released six specifications, including three new 1.0 standards that greatly broaden when TNC-based assessments can occur. These new specifications, coupled with last year's release of the IF-MAP standard, so fundamentally broaden the reach of TNC that it has expanded beyond traditional NAC capabilities, so we have chosen a new term to represent its new scope: Pervasive Security. Pervasive Security recognizes that TNC can now (with the release of the new specifications) be used at any time, on any endpoint on an IP network, on any type of device.&lt;/p&gt;&lt;p&gt;&lt;b&gt;It Starts with IF-MAP&lt;/b&gt;&lt;/p&gt;&lt;p&gt;To understand why we believe TNC has evolved beyond traditional NAC, let us start by reviewing last year's announcement of IF-MAP. At last year's Interop, the TNC announced the IF-MAP specification, which defines a standard protocol for systems on the network to publish information (or metadata) to a new type of information repository that we simply call the Metadata Access Point, or MAP. The IF-MAP protocol enables real-time updates to the metadata repository, and subscribers can receive real-time notifications when updates occur. The initial set of schemas defined for the MAP correlates information known or observed about identities and endpoints on the network and their network flows.&lt;/p&gt;&lt;p&gt;For example, when an endpoint joins the network, an edge switch could publish the endpoint's MAC address, switch identifier and switch port number to the MAP. When the endpoint is assigned an IP address, the DHCP server could augment the endpoint's record with the IP address. If the endpoint tries to access a protected resource behind an authenticating firewall, the firewall could add the authenticated identity of the user to the endpoint's record. Finally, if the user of this endpoint entered a facility protected with a badge reader that supports IF-MAP, the MAP can also contain the physical location of the user. As a result, any network infrastructure device that is subscribed to changes about this endpoint is now able to learn all the metadata ascertained about it by the other systems on the network, allowing richer, more granular policy enforcement to be performed. Collectively, this sharing of information makes a coordinated network defense possible and gives the administrator greater visibility into the entire usage of the network.&lt;/p&gt;&lt;p&gt;&lt;b&gt;IF-T Binding to TLS&lt;/b&gt;&lt;/p&gt;&lt;p&gt;Returning to the 2009 announcements, the first new specification, called IF-T Binding to TLS, expands the reach of TNC to any endpoint capable of communicating over a TCP/IP network. In the TNC architecture, IF-T refers to the bottom transport-level protocol that is responsible for carrying TNC messages across the network. Traditionally, TNC has had the IF-T Binding to Tunneled EAP Methods standard, which defines how TNC messages are carried over 802.1X networks and IKEv2 negotiations in the IPsec VPN technology area. Today, TNC is adding a second IF-T binding allowing TNC messages to be carried across any connected set of TCP/IP networks using the popular TLS security protocol. With the release of this specification, &lt;u&gt;any endpoint&lt;/u&gt; may now be assessed across any set of interconnected IP networks.&lt;/p&gt;&lt;p&gt;Similarly, this specification also enables the TNC Client or TNC Server to initiate an assessment at &lt;u&gt;any time&lt;/u&gt;. This flexibility allows security (e.g. intrusion detection) software on the endpoint or on the network to trigger a new assessment if it is believed that the endpoint is acting suspiciously and thus might be under the control of malicious software. The TNC Server's ability to start a re-assessment also allows administrators to make policy changes that can be enforced immediately rather than waiting for the endpoint to exit and re-join the network. For example, a new policy might require installation of a critical security patch fixing a vulnerability that a new attack is abusing to gain access. Now the TNC Server can trigger the inspection of endpoints to determine which are missing the patch and initiate the remediation process.&lt;/p&gt;&lt;p&gt;&lt;b&gt;Federated TNC&lt;/b&gt;&lt;/p&gt;&lt;p&gt;Similar to the Federated Identity work done by several other standards organizations, the Federated TNC standard defines how to enable federation of health assessment results across cooperating networks. Federated TNC enables TNC assessments to be performed for roaming users and &lt;u&gt;any endpoint&lt;/u&gt; connected to remote TCP/IP-based networks, and provides a health credential that can be used for future network access. The two major usage models discussed in this specification are the inclusion of health information in SAML-based federated identity assertions and the federation of health assessment results for roaming users.&lt;/p&gt;&lt;p&gt;In the federated identity oriented usage, Federated TNC allows a user operating in a federated identity environment to also carry assertions of health status, in order to avoid repeated health checks when visiting different web sites (or other protected resources). This is similar to Federated Identity, where the user would like to avoid the inconvenience of repeatedly entering identity and credentials upon visiting each new web site. With the deployment of Federated TNC, a single health check can be performed and a health assertion can be added to the resulting SAML assertion, enabling trusting communities of interest to accept that the endpoint is well enough protected when making authorization decisions.&lt;/p&gt;&lt;p&gt;The second key usage model involves roaming users visiting a network and wishing to assert compliance with their home network's assessment policies. For example, a professor might travel to another university's campus to collaborate on new research with a professor at the visited university. The roaming professor would prefer not to have the visited network inspect the contents of his laptop, but rather present some proof that his system is compliant with his home university's network policies and receive internal access to the visited university's research network. This is now possible if both universities establish a trust relationship and use products supporting the Federated TNC standards. The visited university network can then tunnel the roaming professor's health assessment back to his home university network. If the professor's laptop is deemed in good health, the professor's home network can issue a SAML assertion vouching for the health of the professor's laptop. Now when the professor requests access to the visited university's network, the TNC Client on the laptop can present the home university network's SAML assertion rather than participating in another TNC assessment.&lt;/p&gt;&lt;p&gt;&lt;b&gt;Clientless Endpoint Support Profile&lt;/b&gt;&lt;/p&gt;&lt;p&gt;The third new standard announced today expands the breadth of device types that can be assessed by TNC. This specification is not a protocol specification like the others, but rather a best-practices document that defines the expected capabilities and behaviors of network infrastructure in order to maximize the discovery of information about an endpoint that lacks TNC Client software. This specification, coupled with behavior-based information about the endpoint being published to the MAP, allows &lt;u&gt;any device&lt;/u&gt; to be assessed.&lt;/p&gt;&lt;p&gt;This Clientless Endpoint Support Profile specification discusses requirements for TNC-compliant infrastructure devices, particularly layer 2 devices like switches, in order to best integrate within the TNC architecture and maximize the discovery of information about an endpoint. The amount of information available for clientless devices varies widely depending on the type of device. Normally at least the MAC address can be discovered and used for authorization. This specification defines the expected canonical format for the MAC address to be used in a RADIUS message for such an authorization request. Similarly, the Clientless Endpoint Support Profile identifies other technologies (e.g. IEEE Link Layer Discovery Protocol) that could potentially offer additional information about the endpoint. It is envisioned that the combination of discovered information following these best practices, in conjunction with behavioral information observed by network infrastructure, both stored and correlated in the MAP, provides a good basis for managing devices that lack TNC Client software and cannot support downloaded thin agents.&lt;/p&gt;&lt;p&gt;So hopefully you can see why we believe that TNC has significantly evolved beyond a traditional NAC technology into a much broader solution set offering pervasive security throughout the network. We plan to demo several usages of this pervasive security at Interop, so we invite readers to stop by our booth and to read future blogs about the demos.&lt;/p&gt;</description>
		<link>http://feedproxy.google.com/~r/TrustedComputingGroupBlog/~3/-QhrDYDjDI4/trusted_network_connect_security_anytime_anywhere_on_any_device</link>
		<dc:date>2009-05-18T00:00:00-08:00</dc:date>
		<dc:subject>Blog</dc:subject>
		<feedburner:origLink>http://trustedcomputinggroup.org/community/paul_sangster/community/2009/05/trusted_network_connect_security_anytime_anywhere_on_any_device</feedburner:origLink></item><item rdf:about="http://trustedcomputinggroup.org/community/matt__webster/community/2009/05/taking_the_it_out_of_complexity">
		<title>Taking the “IT” out of ComplexITy - Matt </title>
		<description>&lt;p&gt;Yes, it's true that enterprises are complex, and securing these environments adds another layer of complexity. Security organizations bang their collective heads against the wall trying to find the happy medium between the right level of security, compliance obligations and business needs: &amp;quot;How can I secure something so complicated and with so many moving parts?&amp;quot;&lt;/p&gt;&lt;p&gt;We all have said it: &amp;quot;you want me to secure what?&amp;quot; (read here: industrial control systems, SCADA, etc.), &amp;quot;you want me to consider traditional physical security in IT security?&amp;quot; (now you've done it! Bringing complexity to an all-time high), and &amp;quot;I need to report on all of it?&amp;quot; (forget it, my head is going to explode).&lt;br /&gt;&lt;br /&gt;Now, imagine being able to answer, address and deal with these real issues. Through open standards, TNC technologies allow organizations to reduce the complexity of these security problems. TNC is not just about access control; it's about pulling together an organization's security practices, policies and products into a unified security solution.&lt;br /&gt;&lt;br /&gt;Stop by the Trusted Computing Group in booth #869 at Interop in Las Vegas to see how TNC's open standards help reduce complexity in the real world. Interop Las Vegas 2009 takes place at the Mandalay Bay Convention Center from May 18 - 22, 2009 in Las Vegas, Nevada.&lt;/p&gt;</description>
		<link>http://feedproxy.google.com/~r/TrustedComputingGroupBlog/~3/Sgnf7eb6qeQ/taking_the_it_out_of_complexity</link>
		<dc:date>2009-05-14T00:00:00-08:00</dc:date>
		<dc:subject>Blog</dc:subject>
		<feedburner:origLink>http://trustedcomputinggroup.org/community/matt__webster/community/2009/05/taking_the_it_out_of_complexity</feedburner:origLink></item></rdf:RDF>
