I read an interesting article recently about India’s plans to build a new computer operating system. Their main goal is to enhance the security of their computer systems – they want to deter and prevent hacking. The Defence Research & Development Organization (DRDO) is developing the new operating. India’s current dispute with Research In Motion for greater access to communications for BlackBerrys is an example of their security concerns.
This got me to thinking about how many commercial operating systems exist and if they are secure. We have Microsoft Windows, Apple OS X and numerous flavors of Linux for desktops and laptops. For servers, we have Microsoft Windows Server, Mac OS X Server, Oracle Solaris, and all the UNIX and Linux variants out there by IBM, HP, Novell, RedHat and a hundred other companies. Then we have the mobile operating systems – Apple iOS, Blackberry OS, Android, Windows Phone OS, Symbian, Palm OS and the list goes on.
Is the current crop of operating systems secure? The short answer is that no operating system is completely secure unless you unplug it from the network. I remember the famous scene from the Mission Impossible movie where Tom Cruise rappelled into the mainframe access room at the CIA. There was no outside access into that computer so you had to be inside the CIA to get its information.
In our connected world, not having network access for our computers is not a viable option. Most of us work from numerous locations and need access to information from many systems. A recent quote from Dave Evans, futurist and chief technologist for Cisco’s Internet Business Solutions Group said it best. “Work is not a place anymore. It’s a lifestyle . . . ” We need to be able to access information anytime, from anywhere and on any device.
Are the current crops of OSes secure enough or do we need to work harder? One approach to providing a more secure computing environment may be to limit what is stored locally and move more data to the cloud. That could reduce the potential targets for hackers, since my smartphone or laptop wouldn’t have much worth stealing. My server would be in a secure data center and I would access the information through a browser or other secure connection.
That’s what Google is proposing with their Chrome OS, which we may see later this or next year. The Chrome OS would eliminate most local storage and applications. You would connect to the cloud and work through a browser.
There are advantages and disadvantage to this. Some people don’t like the idea of entrusting their business information to a third party provider. Some see it as a single point of failure. Some worry that their data will vanish if the provider goes out of business. Some think it may be easier for hackers to exploit, if more business information in concentrated in a few giant data centers.
These are all reasonable concerns and the cloud and SaaS providers are taking extraordinary measures to ensure security and privacy are paramount in their operations. Every day I hear about another data breach, but I haven’t heard of one at a cloud provider.
Another approach is not to worry so much about the operating system and instead worry about the information on the computers. Granted that if the OS is less susceptible to attack and exploitation, then the data inside is more secure. If I encrypt the data or documents using an enterprise DRM application, then I can control what happens to the information even if the computer is hacked.
Maybe the goal of the Indian government is to create an operating system that is very simple and locked down. I think this is where companies are going with mobile platforms. It’s a lot harder to hack an iPod than a PC. The advantage of single purpose systems is they are easier to lock down. The down side is they are limited. It will be interesting to see if this new OS is multipurpose and runs on a variety of devices or not. And will it be built on existing code bases, like Linux, or something entirely new.
As systems become more connected and open, there is always the problem of security. We need to worry about what is worth stealing and lock that information down. A new OS may be the answer, but taking precautions with your documents and data through encryption and other methods will help now.
And remember that half the problem of security is the person using it and not the technology.
Photo credit aks801