Slashdot Mirror

← Back to Stories (view on slashdot.org)

Small Company Wants to Make Encryption Key Management Into a Commodity (Video)

Posted by Roblimo on from the operating-on-the-assumption-that-all-networks-will-be-cracked-sooner-or-later dept.

StrongAuth helps protect data with strong encryption, so that even if a company's network infrastructure is breached, its critical data -- including customers' credit card numbers, for example -- is still safe. Their software is open source, and their objective is to "become like the Toyota Camry of encryption key management," says StrongAuth CTO Arshad Noor. "Everybody should be able to afford it." These are big words from a company that only has 12 employees, all in Silicon Valley, but it's a company that not only has a strong reputation among its small and medium-sized business clients, but is starting to get acceptance from Fortune 500 behemoths, too. In this video interview (and in the transcript), Arshad not only talks about data security, but about how his company makes money while developing and relying purely on open source software. And did somebody ask about Linux? Yes, their software is all based on Linux. CentOS, to be exact.

16 of 63 comments (clear)

  1. Slashvertising by Anonymous Coward · · Score: 2, Informative

    Anyone "should" be able to afford it? Everyone IS able to afford it. Right now.

  2. Encryption costs time and CPU, not dollars. by Kenja · · Score: 2

    The cost of implementing strong encryption is the time it takes and the CPU cycles to run it. There has never been a high dollar cost that I am aware of other then these two factors. The former issue is alleviated through a standard frame-work, of which there are already a great many. The later can not be reduced, and can be a significant factor on virtual environments where CPU time is at a premium.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:Encryption costs time and CPU, not dollars. by ArsonSmith · · Score: 2

      Interestingly, I do a lot of encryption related work and those two parts are the least of our worries. Key management takes up 90% of the time that is applied to encryption and it is a constant and on going thing that puts data at horrible risk if it's not done right. From both sides, you need to secure the keys well enough that only the people that need them can get them but no so well that the people that need them can lock them selves out.

      --
      Paying taxes to buy civilization is like paying a hooker to buy love.
  3. Re:Given Time... by buchner.johannes · · Score: 3, Insightful

    Given time, the Sun will become a red giant and destroy Earth. Given time, Dark Energy will rip the universe apart.
    The question is will the keys break before or after that.

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  4. Slashvertisement. You're doing it right. by xxxJonBoyxxx · · Score: 2

    You even got SlashDot to post a video from a 1990's-style trade show, for God's sake.

    >> Yes, their software is all based on Linux. CentOS, to be exact.

    Er...just one distribution?

  5. And the interested parties are... by SanDogWeps · · Score: 2

    the Playstation Network?

  6. an excellent slashvertisement by nimbius · · Score: 2

    except for the "his company makes money while developing and relying purely on open source software."

    we dont need more assholes building code monastaries.

    --
    Good people go to bed earlier.
  7. Re:Given Time... by Anonymous Coward · · Score: 2, Insightful

    The question is will the keys break before or after that.

    Secret information is usually time-sensitive. The question is: Can the keys be broken before the information is worthless (de-classified)?

    It's been included many times before, but here is the obligatory XKCD: http://xkcd.com/538/

    As the cartoon and Schneider reveal, those using the security system can be exploited, if one can find them. That's been mentioned many times on 'National security letter' stories where the government is intruding into someone's online life.

  8. Slashdot. STAHP. by PhxBlue · · Score: 5, Insightful

    Dear "Editors":

    This is a new low, even for slashvertising.

    Responsible journalists do their damnedest to make sure their work looks nothing like the ads that appear on their sites. You've just done the exact opposite. In fact, remember when The Atlantic posted a Scientology ad as editorial content? Remember the outcry that went up about the distinction between advertising and news? Well, you've just done the exact same thing.

    Knock it the fuck off. Slashdot was supposed to be "news for nerds." If you want to sell out, do it on your personal time, not here.

    --
    !#@%*)anks for hanging up the phone, dear.
    1. Re:Slashdot. STAHP. by PhxBlue · · Score: 3, Insightful

      FYI - none of these videos are paid ads.

      Then it's free advertising. Still not seeing the distinction, except that StrongAuth got an even better deal than we thought.

      Those who want to believe otherwise are free to do so, but that doesn't alter the facts.

      Slashvertising is a common enough practice that it has its own portmanteau. That's a fact. And I don't know what you think constitutes journalism, but to me, it doesn't mean sitting down one-on-one with a company talking head and tossing him a bunch of softball questions. That's public relations at best, marketing at worst, but it is not journalism.

      Also FYI: America's elected president wasn't born in Kenya and little blue men don't truck the sun around the earth on an invisible track every day.

      Right, because insulting your readers does wonders to bolster your credibility.

      --
      !#@%*)anks for hanging up the phone, dear.
    2. Re:Slashdot. STAHP. by Roblimo · · Score: 3, Insightful

      You're right. I shouldn't get upset by people who choose to believe things that aren't true. I apologize.

      I understand the definition of journalism you're using. However, I do not believe that it's necessary to be negative at all times.

      In this case, Tim had a pleasant conversation with the CTO of a company that releases the software it develops for free, under the LGPL.

      What should Tim do? Thunder "How dare you do that!?" at the man?

      Re portmanteaus: Anybody can create one. For instance, I could coin "Slashcretin" to describe some of our less intelligent readers.

      But since I am supposed to absorb abuse, but never supposed to react to it, I will not use the word "Slashcretins" to describe even the most foul-mouthed, ignorant Slashdot readers. (And no, you are not one.)

      So have a nice day, and thank you for your input. :)

      - Robin

    3. Re:Slashdot. STAHP. by Alsee · · Score: 2

      by Roblimo (357)
      FYI - none of these videos are paid ads.

      It doesn't much matter - from the reader's point of view it's indistinguishable from a paid advertizement. Your readers are seriously put off by this article. That in itself is enough to establish that you blew it here

      And note that the grandparent post said "Responsible journalists do their damnedest to make sure their work looks nothing like the ads that appear on their sites" - pretty well acknowledging that it may not be a paid advertizement, and that you blew it even if it wasn't paid.

      Also FYI: America's elected president wasn't born in Kenya and little blue men don't truck the sun around the earth on an invisible track every day.

      It looks like a paid ad, it's hardly surprising people are going to suspect it's a paid ad, particularly when there was no statement to the contrary at the time. That's hardly some loony conspiracy theory. You blew it, it was a bad article, simply answer that it wasn't a paid ad and move on and avoid the appearance of paid ads in the future. Calling your readers loony birthers only compounds the problem.

      MY bigger issue is that you knew this company was pushing a Trusted Computing scheme. (He directly mentioned the Trusted Platform Module during the interview). I, and a lot of people here, find that far more offensive than the idea of a paid article. At least a paid article I can begrudgingly understand - Slashdot is a business and sometimes parts of a revenue model can be annoying but understandable. But knowingly getting in bed with Trusted Computing - promoting it - that's just plain villain terrain. This stuff is fucking evil, and a large percentage of your readership views it as fucking evil. And I assume you're well aware that the large majority of us view is as fucking evil. It is the single greatest threat to Open Source, it's a direct assault against the fundamental ownership and control of your own computer, it's an ideology to "fix" general purpose computers so they are not general purpose computers. It redefines "security" to mean glorified DRM schemes. It is the single greatest threat to lockdown/exterminate innovation and new technology.

      WTF were you thinking?!?!

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  9. Nothing but a whorefest by shaitand · · Score: 4, Informative

    I get this everywhere else. I don't need it on Slashdot too.

    1. Re:Nothing but a whorefest by shaitand · · Score: 2

      Sure but at least put it up in a way that PRETENDS not to be an advertisement. I think a fair number of us work in the enterprise tech world and browse Slashdot to escape it for awhile. This stuff floods our inbox all day long.

      This thing doesn't even promote an actual solution it just delivers the rah rah pep talk these guys would have in the company meetings they subject their staff to. Lots of enthusiasm and feigned altruism, no content. I don't mind a slashvertisment slipping through now and again if it introduces me to some neat new thing or raises interesting discussion. But this has none of that. Just the nonsense philosophical spin a random company is putting on having the same goal as every other corp, milking profits.

      Hopefully this is just a one off event that resulted from an editor doing a solid for a friend. Still i think it would be more effective if some geek driving the tech for a project in this company wrote up about something sweet it does and the marketing department kissed off. I think you'll find that I'm not one of those who usually rants about the editors. ;)

  10. Re:Given Time... by K.+S.+Kyosuke · · Score: 2

    Given time, the Sun will become a red giant and destroy Earth.

    Actually, now it's gonna be by courtesy of Oracle, but same difference.

    --
    Ezekiel 23:20
  11. Wait...what? by Chris+Mattern · · Score: 2

    Encryption Key Management IS a commodity. What in hell are these yahoos talking about?