ARM Community: ARM & AMD partner on security, promote client to cloud ecosystem - ARM Community

Today ARM and AMD announced a strategic technology partnership in the area of security. AMD will be incorporating ARM TrustZone® technology into its processors starting with selected APUs early next year and moving to more processor units by 2014.

So what’s the story behind this? Why is it so important?
Well, this is not just about ARM and AMD, it’s about building a consistent approach to security from client to cloud. It’s about building and driving an open ecosystem of security applications and services. It’s about bringing information security fundamentals into line with the contemporary compute landscape. ARM and our partners have been working hard on technology and standards in this area for a long time, and with the recent release of the GlobalPlatform Trusted Execution Environment standard, everything is in place to enable us to move into the next stage of trustworthy, connected computing.

Information security is a whole-system play
It is simply not enough to concentrate purely on securing a device: a particular computer, a specific handset, an individual appliance. The goal of modern computer security is to protect information, and to give that information adequate and consistent protection no matter where it is.

We all increasingly demand information mobility - accessing and managing our affairs in the most convenient way available, be that mobile phone on the go, a tablet in the living room or a laptop at work. We use the Web, email, instant messaging and cloud computing to live our digital lives in the most efficient way possible. For other tasks we may use captive data centres, SaaS or cloud storage, or portable storage. In other words, by the time you’ve completed your digital business, your data will have been on a wild ride through a huge variety of devices, systems and service providers, all of whom have a part to play in keeping that data safe.

Unified approach
There’s an old cliché in security circles that holds “complexity is the enemy of security”, and like so many clichés this one has more than a grain of truth behind it. It’s typically used in the context of software design but in the context of large systems there’s another message in there: with so many moving cogs in the machine of mobile information there’s a lot of potential for things to go wrong. Complexity here is less the enemy than simple inconsistency, as differences in approach to security at different points in the chain can lead to cracks, loss of policy information or simple confusion and unknown risk profiles.

Why? Because security technologies are not effective if developers have to learn new interfaces and secrets every time a new device comes along – it’s just too hard and time consuming – so widespread standards and consistency are essential economically as well as improving security. Working together as an industry we can make security a positive enabler, reducing risk for users and reducing development headaches for service providers.

Now, I’m certainly not saying that a single security product is what needed for the whole client-to-cloud piece. We need diversity in the security landscape: different players and products offering specific focus on industry verticals, particular attacker types or manageability issues. But by agreeing on a common base approach, using a common set of language and definitions, and by contributing to a collaborative ecosystem providers can bring reliable, robust and trustworthy security to the whole system.

Traditional security approaches, with retrofit, too-broad, unmanageable encryption or out-dated firewalls have only had the effect of scaring people into chilling innovation, locking down machines and services and keeping us from reaching our full potential. By taking an open ecosystem approach to security, built from the point of view of active protection for sensitive assets, it is possible to re-ignite innovation and open up a world of possibility without the loss of security or trust.

We recognize that products and services are chosen first and foremost on value and functionality. The user experience offered, the ways information is made available and the way the service is handled behind the scenes are key to innovation: security cannot be the tail that wags the dog. Again, by taking a proactive approach to protection and agreeing upon a common baseline approach throughout the ecosystem, service providers are able to concentrate on what they do best without compromising on trust.

So in making the announcement today ARM and AMD are reinforcing the message that now is the time to bring this approach to the world. We are sure we can do better than the last 30 years of IT security band-aids, patches and all-too-vulnerable firewalls. Together, with a unified ecosystem approach, we can all move forward into the next stage of trustworthy, connected computing.

Jon Geater, Director of Technology and Secure Services Division CTO, ARM, is responsible for vision, strategy and development of strong security technologies throughout the embedded and mobile ecosystem. Jon is an expert in cryptography and key management and has long and broad experience in the information security industry providing real-world Enterprise security solutions to financial services, telecoms, hi-tech and government organizations worldwide. Prior to joining ARM, Jon served as Director of Technical Strategy and Enterprise CTO at Thales e-security, and Director of Technical Strategy at nCipher Corporation, where he headed up design of cryptographic security products from embedded cryptography through MChip/CAP modules to Cloud security solutions.

Jon is a keen supporter of standardization and industry alliances. He has been corporate representative to bodies such as OASIS, TCG and the Cloud Security Alliance. He is co-founder of the OASIS KMIP key management group and has represented the group at prominent international conferences.