
Trusted Systems & Trusted Infrastructures

By now the jargon giants of the IT world have bombarded you with the new industry buzzwords: Trusted Systems, Trusted Computing and Trusted Infrastructures.

This article attempts to clarify the concepts of Trusted Systems, Computing and Infrastructure without using heavy IT jargon.


Trusted [Computer] System - a simple description

Let's say we have some information on a computer (stored in a file or a database) that we want to protect:

  • From prying eyes both outside and inside.
  • From misuse by personnel.
  • From leakage or theft by insiders.
  • From unauthorised destruction.
  • From becoming corrupted (erroneous) through accident or abuse.

In short, we cannot choose to trust the personnel (users) with the safety of the information. Therefore, in order to protect this information, someone or something else has to be trusted to deliver and manage its security; and for that we choose to trust the computer.

When we choose to trust the computer for security over the users, we call the computer a Trusted (Computer) System.


Trusted Trouble and how to avoid it...

Trouble lurks with the word "Trusted". The trouble is that we do not always differentiate between choosing to put trust in a computer security system and choosing a computer security system that is worthy of trust.

The first step, of course, is to decide whether you need a Trusted System to protect your sensitive data. The answer in today's world is, without hesitation, "Yes!".

The next step is to figure out which security system you trust. Do you trust a brand? A big, well-known company? Security developed in house by your favourite programmer? Open-source? Closed-source? The answer, actually, is "none of the above!" As a matter of fact, you should mistrust everyone, except the computer system after it has proven itself worthy of trust.

You have to have proof that the computer security system can be trusted. Trust is all about proof!


Proving grounds

So how does a security system prove itself worthy of your trust?

This question was first addressed in 1985 by the U.S. DoD with their Trusted Computing Security Evaluation Criteria. Since then, several formal methods of evaluating Trusted Systems have come about. You can read more about them in Evaluating Trust: A Brief History of Trusted Computing. Today, Common Criteria (ISO 15048) is the prevalent, globally accepted standard for evaluating the strength of computer system design and security for a particular level of trust.

By getting an independent and accredited evaluation lab to verify the security of your sensitive IT systems, you can be certain that what you are using within your organization meets your exacting security expectations.


Our proof to you.

We can, as per your requirements, have any and all of your installations of our products and solutions tested against any protection profile at any evaluation level by an independent evaluation lab of your choice.


How does Googgun help with security evaluations?

We can help you achieve any level of evaluation assurance in the Common-Criteria or FIPS-140 standards that your projects demand. For more information please see our Evaluation Assistance Services portfolio.

About Googgun Technologies

Googgun Technologies International provides independent compliance advice, services and solutions globally. You can get more information by contacting info@googgun.com