Want CNET to notify you of price drops and the latest stories?

McNealy to tech firms: Clean up your security act

Sun CEO says tech needs to take aim at the digital divide--and offers up a remedy involving some of Sun's pet initiatives.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Dawn Kawamoto
3 min read
SAN JOSE, Calif.--The digital divide won't get any smaller until technology companies clean up their security act, according to Sun Microsystems CEO Scott McNealy.

Not surprisingly, he offered up a remedy that involved some of Sun's pet initiatives.

Sun, which primarily sells servers that power the Internet, is aiming to arm the globe with computers that, in part, reduce the digital divide that separates roughly three out of four people in the world from accessing the Internet.

But McNealy cited security issues as a potential wrench in such efforts.

Scott McNealy,

"It's not going to happen if we don't solve the security and access issues," he said Tuesday during a keynote speech at the RSA Conference 2006 here.

And for McNealy, the answer lies in open architecture and the sharing of code to address security issues.

He pointed to Sun's open architecture efforts, from Java to its open source Solaris 10 to its founding membership with Liberty Alliance, a federation standards group.

The primary causes of security problems are a hodgepodge of technology in data centers and virtually little differentiation among desktop computers, he noted. He said some companies, for instance, have technology from 150 different vendors stitched together in their data centers, which means security problems become compounded because each vendor issues a multitude of patches a year.

"And they wonder why they have a security problem," McNealy said.

On the client side of the equation, the problem is reversed, he added.

"There's not enough diverse DNA, so one virus can wipe out a lot of computers," McNealy said. "The reason we don't have enough diverse DNA is because we have a monopoly...with a partner that shall go unnamed."


Sun has long sung the praises of the thin client concept, with its Sun Ray line, as a replacement for the desktop.

But customers facing an expensive exit from their existing systems may be loath to adapt such technology. However, McNealy noted that such a cost can easily dwarf the expense of buying the original technology and related support costs.

McNealy's address comes as Sun steps deeper into security, and as customers are increasingly looking for ways to shore up their systems to conduct secure financial transactions.

Earlier this week, Sun announced two security initiatives, one a form of encryption for its next-generation Sun Java System Web Server. The other revises the way it delivers security features for Solaris.

The company introduced Sun Java System Web Server 7.0 with support for Elliptic Curve Cryptography, or ECC. Because ECC uses smaller public keys to unlock encrypted content, Sun said, the technology can speed computations for secure online transactions and requires less power.

Sun also debuted its Solaris Trusted Extensions, which are designed to replace some of the security technologies it offered to banks, government agencies and other organizations before it discontinued its practice of offering a second, secure version of Solaris called Trusted Solaris.

And in November, the hardware maker announced a partnership to offer Sun Secure Mail. The company, along with communications network provider Lucent Technologies and encryption software vendor Echoworx, partnered to offer Internet service providers a hosted e-mail encryption service. Sun Secure Mail is designed to give ISPs the ability to encrypt e-mail at the desktop, rather than change e-mail applications.

In the summer, Sun also expanded its identity management software offerings with two federated ID products. The federated products are designed to allow companies to identify and authenticate users, allowing them to securely exchange user credentials with two or more partners.