David M Williams
Monday, 18 May 2009 13:35
Dr Taher Elgamal, the driving force behind the SSL protocol, explains that intelligent data is the way forward for business to protect confidential company information and simplify infrastructure.
Dr Elgamal is presently in Australia for AusCERT’s 2009 Asia Pacific Information Security conference being held on the sunny Gold Coast from May 17th to 22nd. He delivered the keynote speech and is also delivering a session on data leakage.
Egyptian-born Elgamal is a world-renowned cryptography expert who made his mark on the Internet while serving as Chief Scientist at Netscape Communications between 1995 and 1998. His work gave us the Secure Sockets Layer – or SSL – protocol, and gave rise to Elgamal being sometimes known as Dr SSL.
SSL is the ‘s’ in https, the encrypted communications channel that powers billions of online sales and banking transactions every year.
Elgamal is now the Chief Security Officer of Axway Inc, formerly Tumbleweed Communications.
Elgamal’s keynote speech, titled “security for multi-enterprise”, related to his work at Axway, which is in the business of connecting enterprises and sharing data.
A “multi-enterprise” application is an application that is used among a community of business partners and, importantly, one that manages how the partners share data with each other and what the security parameters are. Such multi-enterprise applications are a future trend in automating business processes, he says.
Such an application is especially challenging because it brings together all aspects of security. This begins with authentication – validating the participants as well as the partner organisations – moving on to assigning access rights to each combination and ensuring the users or programs get the right type of data from each partner. Finally, auditable data must be preserved for each transaction.
In addition to the keynote, Dr Elgamal is presenting on data leakage protection. He believes current concerns about data leakage are a sign of the times. It is almost as if, he feels, one day people woke up and found out all the security controls being worked on were focused on server infrastructure instead of actually protecting the data itself.
Consequently, a fully authenticated user can log on to a computer, access data, and then walk away with it on a USB stick or transmit it via e-mail to another party. All the server infrastructure controls were satisfied, yet data still fled the business.
He has a solution.