09 July 2007

Information security in hosted applications

We are fascinated to see Google’s purchase of the hosted secure (as in commercial) communications provider Postini. We see this as a significant milestone in bringing good cryptography and other good communications security to the average user of the Parallel World – which for a decade has been simply stalled, with no advances in usability due to the lack of significant adoption. (As opposed to those wonderfully secure but entirely impractical systems which are trotted out on an almost annual basis by some vendor or another.)

Now, we would not consider this proof against a nation-state-level attack, but it certainly has to be better for the average business or home user (especially those working out in the hinterlands of the Gap) to be able to enjoy a modicum of privacy in typical communications.

We are also curious, however, how long it will take for many corporate users to get over the perception of insecurity and “irresponsibility” in a hosted service. And likewise, we wonder if there might be any government contracts in the works for a truly stable, robust, and secure platform operated by a major player such as Google. We don’t see this coming about for classified networks, but certainly anything Google would build seriously could far outshine the nightmare that is HSIN, and likely even edge out the new OSIS and AKO/DKO/JKO portals. We are certain Google could assure enough security for these sensitive but unclassified applications… and just think of the complications one would cause for adversary traffic analysis efforts by mixing those messages in with the entire volume of Google’s routine data traffic.

