The philosophy behind SecureOL's VE²

Every one of us makes compromises from time to time; the same goes for the IT. If it was up to the IT, they would close the entire enterprise's access to the Internet, using memory-sticks, inserting CDs, etc. On the other hand, if it was up to the employees, their policy would be that of minimal denial of access, if any. Consequently, two different interests collide on a daily basis to create a complex and somewhat frustrating nature of compromise.

Human beings constantly strive for certainty. It is always much easier to make a decision or to live in a world of definitive options. However, the world does not seem to function in accordance to binaric logic. Many shades of gray separate the black and white of definitive certainties.

The same realizations apply in the information security world, as demonstrated by the IT levels of certainty. There are only two certainties in the IT security field: totally Open or totally Closed. For example, the enterprise can open Internet access or lock the Internet access.



However, the real IT world does not function in a two state mode – compromise must be made. For example, having Internet access, but compromising on access to offending sites, or update the software protocols that can access the Internet, etc. Every compromise that is made becomes a burden, for the gray area between the two certainties is infinite. Imagine the effort spent on installing Skype in a closed environment, the filtering, the blocking, compatibility with other products, and making sure that it is safe. The more you compromise the more effort you invest.



Another example of certainty is how anti-virus, anti-spyware, intrusion detection and prevention concept works. All these utilities are trying to locate the "bad" software using different algorithms. Some use known lists or known behavior, but these are compared to an infinite number of possibilities.

A basic rule of mathematics states that a finite number divided by infinite number goes to zero. Therefore, no matter how we try, compromising leads to elevated TCO, endless effort and no real protection.

What if it could be done the other way around?

There are a limited number of utilities that we know are "good". Instead of spending the effort on what is "bad" let us focus on what is "good". For example, Microsoft Office DOC files without macros are “good”, and text files are “good”. "The known good" is a certainty. Instead of filtering out the known “bad” simply filter out everything that is not the known “good".

Adding another dimension

Compromising the need to be open-productive and to be close-secured is a zero sum game when being played in a one-dimensional universe; adding another dimension creates new opportunities and solutions to address the problem.



As previously mentioned, the essence of the problem is that the enterprise's need to be closed and secure; while at the same time, the user needs to be open and free to perform his/her duties.

Can't the two really exist at the same time?

Actually they can through usage of Virtualization technology.

By separating these two processes, there is no reason to compromise any more. The enterprise can lock down, while simultaneously the user is free to perform anything he or she needs. Hence, a simple and definitive certainty is reached.

SecureOL's VE² – be secured be free manage less.