Feeds

SuSE and IBM secure Linux for the Feds

Open source lockdown

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

SuSE and IBM have moved a step closer to some meaty government and military contracts by helping Linux pass muster on a key security standard.

The two vendors have met Evaluation Assurance Level 2+ (EAL2+) of the Common Criteria (CC) standard used by Feds the world over. This security seal of approval covers SuSE Linux Enterprise Server 8 running on IBM's Intel and AMD-based xSeries servers.

This is a nice milestone for Linux, although the operating system still has a ways to go before it unseats more readily used OSes. All of the major versions of Unix along with Microsoft's Windows 2000 lay claim to a higher EAL4 certification.

SuSE and IBM hope to remedy this problem together. The companies expect to meet EAL3+ certification and the Common Operating Environment (COE) standard later this year. The COE requirement is unique to the U.S. Department of Defense (DoD), which, as we all know, is where the big money is these days.

Meeting these requirements should help Linux put more pressure on Unix and Windows in a key market. The open source OS has already marched right into lucrative segments such as financial services, unseating Unix on its way. Now, it's time to say "hello" to Uncle Sam.

For IBM, it appears a Linux push into government contracts will be nothing but gravy. Few tears will be shed if AIX is replaced by SuSE on IBM kit. In addition, it gives the vendor a bit of leverage against rival Sun Microsystems, which enjoys a prominent place with U.S. three-letter agencies.

Sun has just signed on with SuSE as well, but it's hard to imagine these two vendors going through all the security certification hassle together. First off, Sun does not have a comparable x86-based server lineup to IBM. More importantly, Sun wants Solaris to maintain its hold on the data center for now. Linux is fine as a Web or application server, but it has no place deep in the data center.

This isn't a bad strategy for the moment, since it will take SuSE and IBM sometime to meet Solaris on the security standards front. ®

Next gen security for virtualised datacentres

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.