Secure by Design: The Future of IT Security?
A startup called Bromium is taking on the challenge of Byzantine Fault Tolerance: Making computer systems that are dependable and secure by design.
Sometimes it takes a startup to tackle the big problems.
In 2007, XenSource was such a startup, leading the commercial push for the open source Xen Hypervisor. XenSource was acquired by Citrix for $500 million that year, bringing in some of the leaders of the Xen community, including Simon Crosby who served as the CTO of XenSource. In 2011, Crosby left Citrix to start something new -– a company called Bromium.
Bromium is led by Crosby along with Xen co-founder Ian Pratt and Gaurav Banga, formerly the CTO and senior vice president of engineering at computer BIOS maker Phoenix Technologies. Bromium to date has raised $9.2 million in venture funding. The company has remained for the most part in stealth mode -- but in an interview with eSecurity Planet, Crosby talked about the big problems that Bromium is aiming to solve, and why he thinks it holds the potential to change IT.
"Technology is of no value in its own right," Crosby said. "It has to deliver big changes to people in the way that they run their lives -- and this is one of those projects." While Bromium is likely to emerge as a security vendor, Crosby stressed that fundamentally the company is all about building inherently trustworthy and secure systems.
The big problem Bromium is working on is called Byzantine Fault Tolerance. In computer science, this concept describes a system that is able to survive multiple and arbitrary forms of attack or failure of its component parts.
"It is a challenging problem in computer science. We're trying to build trustworthy computing infrastructure," Crosby said.
In Crosby's view, the current IT security market is all about detecting the bad guys and then sounding the alarm when that happens. This reactive approach is becoming a losing proposition in the current climate of rapidly evolving malware.
"The business of detection and all of that stuff is absolutely not what we want to do," Crosby said.
While the precise details of the Bromium solution are still under wraps, virtualization will play a role in the trustworthy solution. Crosby and his co-founders all have their roots in virtualization.
"Our DNA is virtualization," Crosby said.
What is also clear at this point is the model for how the software will be built and then eventually sold. At XenSource, Crosby leveraged the open source Xen project as the core technology and then built proprietary value-added software on top. It's a model he's going to replicate at Bromium.
Crosby noted that the current code base for Bromium is derived from numerous open source repositories.
"My model is that if you're going to claim properties related to security they have to be open," Crosby said. "I'm not saying open source is inherently more secure, it's just a better development model for getting to secure."
View the interview: