Although Microsoft and Sun Microsystems have long been rivals, their security strategies contain more than a passing similarity. Both envision use of smart-card technology plugged into the desktop to authenticate users to their systems and both believe that the majority of a users' security technology should come from the same company.
During his Tuesday keynote at the RSA Conference 2006, Sun Microsystems CEO Scott McNealy said the bar is low regarding security in the technology market. "The computer industry is more screwed up than any industry except health care, which kills everyone eventually," he said. More specifically, McNealy criticized large, cobbled-together data centers that don't make use of standardized protocols to communicate and verify information. McNealy also pointed out that PC security is suffering for the exact opposite reasons, namely that most people use the same type of device and operating system, "the same DNA," which makes them easier to attack.
Of course McNealy's displeasure with the current state of the PC and data center markets could be seen as a ploy to promote his company's strategy for the use of thin clients and smart cards on the desktop and Sun servers on the backend. These Sun servers would be equipped with the Sun Crypto Accelerator 6000, which the company announced Tuesday. The SCA6000, available by the end of April, is a high-performance hardware security module for Sun Fire servers that offers a tamper-resistant way to store secure encryption keys.
McNealy also announced that the Sun Java System Web Server 7.0, due for release this summer and part of the Sun Java Enterprise System, would support Elliptic Curve Cryptography, which is used by the National Security Agency to protect classified government information. By including ECC in the Java System Web Server, Sun is looking to cut the time it takes to complete secure online transactions.
Microsoft is in complete agreement that users need to simplify security in order to make it easier to use and more ubiquitous. "We have an overly complex situation today" for end users, IT workers, and application developers, Microsoft chairman and chief software architect Bill Gates said during his Tuesday keynote. Such complexity hinders adoption of security.