The Hewlett-Packard Co has announced enhancements and new pricing for its HP Presidium VirtualVault, a trusted web server platform. The upgrade adds application-level protection for widely used business-to-business applications, supports more platforms and should be cheap enough even for the notoriously parsimonious manufacturing and telecom sectors. Dana Hendrickson, head of HP’s internet security division, says VirtualVault is used primarily in the banking industry. Banks were among the first to connect to consumers using the internet, allowing them to access sensitive internal systems. Now more and more companies are wrestling with same fundamental issue of where does internet stop and the intranet begin? Hendrickson explains. The answer is, it doesn’t matter; they have to be melded together.
He says HP is taking popular pieces of code – Ariba, Oracle and SAP – and integrating or building gateways or proxies into Virtual Vault. This should help companies get their secure application or service up and running smoothly. The product concept is a no-brainer; they’ve got to do it, he says. But as more and more businesses don’t have security staff, we’re taking more and more responsibility to add their software stack to our platform. We want to minimize customization. This approach seems to be paying off. In the last 12 months we’ve moved to supply chain, corporate HR, sites with b2b e-commerce, says Hendrickson. The fact that VirtualVault worked so well in financial services has really brought us a lot of credibility.
So what’s new? We are vaulting some proxy software in the system that will allow you to http in and http out, Hendrickson says. Customers can now put Vault like a black box in front of any web-enabled application and protect it. They get the same type of security as if they had put the application within the vault. The proxy adds load balancing and fault tolerance to the basic security premise. Then for every application environment, we will tailor the operating system privileges and utilities, he says, so that privileges are assigned and limited in time. That’s not all: VirtualVault conducts integrity checking and keeps gold standard copies of documents and scripts in a protected compartment. We check our own operating system, web server, and web pages, Hendrickson concludes. For anything that lives inside this Virtual Vault, we will validate authenticity before we run it.
For his next trick, Hendrickson promises a secure email system based on Microsoft Exchange. Later in 2000, look for a VirtualVault for the wireless web, built in collaboration with Nokia, Motorola, Lucent and Sprint. A lot of people in the banking industries see wireless as a way of providing 24×7 access to services, he says. It will be a major trend next year. The standards have converged. HP wants to be the one-stop security shop for ISPs and ASPs serving the wireless market. Where’s the competition? Hendrickson says that while Sun Microsystems Inc and IBM Corp offer secure operating systems, neither offers a trusted web server. As for Microsoft Corp, its security is notorious for being a poorly implemented afterthought. If its view of the market is right, HP can well afford to cut prices, and it has. Software licenses at the low end are less than half of what they used to be, he says: they now start at $17,500.
