What do unified communications, social media, mobile applications, wireless connectivity, and data centers have in common? Increasingly, they rely on partnerships to create and implement solutions, and in all cases they force new ways of approaching security.
In the wake of HP’s recent unified communications announcement with Microsoft, I’ve been thinking about how partners can best approach joint development projects in a way that’s both productive and secure. And I’m struck, once again, by the importance of a standards-based environment in accomplishing these dual goals.
Why standards matter
We can all recite the benefits of networking standards to end customers: interoperability among heterogeneous network elements, cost-effective scalability to accommodate future growth and new technologies, and the economic benefits of choice among various competitive options.
Less often emphasized are the benefits of standards in the development process, especially when two or more different organizations are working together on joint projects. It’s actually a very scary prospect for most companies to collaborate closely with people outside their own organization. What if the other company learns trade secrets it can then use later for competitive advantage? How do we know if we are really working toward the same goals, and that the division of labor is fair?
And, from a more practical perspective, how much effort will it take to be sure our jointly developed final product isn’t a Frankenstein-like mess?
Beginning with a standards-based framework provides a common set of assumptions and a common “language,” so you and your development partners don’t get bogged down in minutiae before you can get started. When you’re in the middle of the process, working in a standards-based environment provides confidence for everyone involved that proper protections are in place to keep everyone’s confidential information hidden without getting in the way of progress.
A practical example: ProCurve ONE
This premise is an important factor in the ProCurve Open Network Ecosystem (ONE) multivendor alliance program, designed to deliver network applications as part of pre-packaged and tested solutions.
ProCurve ONE is delivering unprecedented choice of best-in-class applications and services that are tested and certified to run on an HP ProCurve network. Additionally, ProCurve ONE aims to improve and simplify network security by integrating a wide assortment of security applications into an infrastructure based on ProActive Defense security principles.
ProCurve ONE brings together applications and vendors that overlap and, in some cases, compete directly with each other in a program in which everyone needs to be comfortable about working closely together.
As HP ProCurve and its strategic partners develop products within the ProCurve ONE program, we are already finding it easier to achieve that delicate balance between the openness required for optimal business benefits and appropriate levels of security.
Securing partnerships
One of the biggest challenges in partnership development projects is preventing leakage of trade secrets. Equally important is that all sides of a partnership have confidence that their trade secrets are being protected. These might sound like the same thing, but there’s a subtle difference.
We’re moving toward a world where technology can facilitate the protection of trade secrets during development partnerships. In fact, the access control aspects of our ProActive Defense network security strategy, among other things, will facilitate this process. In the future, the network itself will actively work to prevent data leakage, including the leakage of trade secrets.
For now, however, the best approach – and one that we’ve used successfully at HP ProCurve both with Microsoft in developing unified communications products and with others of our ProCurve ONE partners – turns out to be a human-to-human “Chinese wall” approach.
The term Chinese wall is a legal and financial one, referring to an ethical (as opposed to a physical) barrier erected between separate groups to avoid conflicts of interest. It is designed to ensure that only a certain subset of a population is privy to sensitive information and has rights to communicate it with external partners. In recent HP ProCurve joint development projects, we’ve found that establishing and sticking to set of rules akin to a Chinese wall has worked well.
As an example, when developing the HP ProCurve Threat Management Services zl Module, all the members of the team involved, from engineers to product and marketing managers, had zero to little interaction with the teams from McAfee and other ProCurve ONE partners developing directly competitive products. Similarly, rules of strict separation have been established and followed by certain server-based teams within Microsoft and HP in creating joint unified communications and collaboration products.
I’m looking forward, though, to when network technologies are in place to enforce the Chinese wall-type rules, adding that extra level of confidence for everyone involved in a development partnership.
How ProActive Defense helps
As you all know by now, ProActive Defense is HP ProCurve’s comprehensive, holistic approach to network security. By combining “offense” (access control, pre-admission security) and “defense” (threat management, network immunity, post-admission security) simultaneously within a trusted infrastructure, ProActive Defense creates an environment in which security already exists and is encouraged organically.
ProActive Defense depends strongly on HP ProCurve’s strong commitment to standards, which includes building important security and other standards directly into ProCurve switches and other products. And as I mentioned earlier, the future direction of ProActive Defense will involve better and more sophisticated methods for preventing leakage of trade secrets during joint development programs – as well as ways for the final products to embody improved security.
Ideally, if you’re involved in a joint development effort, both you and your partners would adopt a ProActive Defense strategy. That way, you can focus on the joint project itself, instead of spending precious time crafting a security framework from scratch, negotiating all the details, hoping you have it all covered, and looking over your shoulder to make sure your company, and the fruits of the partnership, remain secure.
A final note
For any of you planning to be in or near Las Vegas in mid-June, I invite you to attend the HP Tech Forum & Expo 2009 at Mandalay Bay, June 15-18. I’ll be talking in more detail about data leakage and other network security topics, and the forum has a vast array of other great sessions. For more information, visit the HP Tech Forum Web site.
Mauricio Sanchez, MSEE, CISSP, is the Chief Network Security Architect for HP ProCurve. He is responsible for specifying ProCurve’s ProActive Defense security technology strategy across all product lines.
