Interview with Dr. Nicko van Someren, CTO of nCipher
nCipher’s CTO Dr. Nicko van Someren leads the research team and directs the technical development of nCipher products. Nicko has 20 years of experience in cryptography, software and hardware product development, and holds a doctorate and First Class degree in computer science from Trinity College, Cambridge, UK.
Introduce nCipher. When was the company started? How did it evolve?
My brother Alex and I founded nCipher in 1996 to exploit the need for secure e-commerce transactions on the Internet. Since that time, nCipher has grown to be the leading provider of hardware-based encryption products. We are redefining cryptographic security to protect points of risk across the enterprise, from network appliances to Web servers, and custom software applications to back-end databases. nCipher provides hardware and software solutions that enable organizations to implement best practice security by addressing the challenges of cryptographic key management and performance.
What do you see as nCipher’s advantages in the security market?
nCipher has always been a step ahead of the market in terms of how cryptography should be used. For years we have been stressing the importance of managing and protecting keys, and it seems the market has finally started to catch up. Companies like Cisco, Intel and F5 are all putting cryptography directly on their chips. XML appliance vendors have to use cryptographic keys in all aspects of their security. All of these technologies need key management. Without it, encryption becomes a target and creates a new point of risk. Would you put a key to your house under your doormat and feel safe at night? Probably not. Cryptographic keys are no different; they need to be protected and monitored in order to block access to what is being secured.
We offer a very unique advantage in that our products are designed to not only protect information, but also to allow customers to fundamentally change the security processes that they have in place. One of the biggest security problems facing companies is not the lack of security equipment, but rather incredibly insecure day-to-day operations. Protecting keys in hardware and allowing for a much easier management process goes a long way towards fixing those problems.
nCipher’s products will continue to focus on improving the management and protection of keys, and will continue to also include the acceleration capabilities that our customer base needs as they implement processing-hungry cryptographic applications.
Security issues are the number one problem to the adoption of XML Web services. What does nCipher offer to ensure the security of XML Web services?
The challenge of deploying security to XML applications and Web Services represents a barrier to widespread adoption of these services. Providing capabilities such as privacy, authentication, authorization, integrity and non-repudiation through the use of cryptography and digital signatures has already been established as best practice security in the SSL and PKI markets. These proven security techniques have been incorporated into the XML security standards developed by the W3C. As with any use of cryptography, the management and protection of the cryptographic keys and overall performance issues are critical to the successful delivery of Web Services. nCipher is the market leader in applying hardware-based cryptography to manage and protect cryptographic security and its products are therefore ideally suited to meet the security needs of XML and Web Services today.
Your hardware security module for e-Payments, payShield, is dedicated to combating online fraud. Introduce its features.
The payShield HSM meets the security needs of card-issuing banks, payment processors, merchants and e-payment providers implementing 3-D Secure and other standards, providing key management for symmetric and asymmetric keys within a single device, cryptographic acceleration, real-time authentication of customer transactions and APIs supporting customized encryption, decryption and signing functions.
Your products nForce and nFast are both SSL accelerators that enhance Web server performance. What are their features?
nForce secure SSL accelerator provides enhanced server performance with powerful acceleration capabilities to expand server processing capacity, security infrastructure scalability through a modular architecture, advanced key management and improved manageability by allowing the establishment of responsibilities and authority to manage a multitude of digital keys across a network.
nFast 800 is a high-performance PCI card that removes the burden of the power-hungry software process that underlies the SSL protocol and is plug-and-play compatible with leading Web server packages and operating systems. nFast 800 provides the capacity for a single server to establish 800 new SSL connections per second.
Protegrity is one of your partners. What does your partnership consist of?
nCipher entered into a partnership with Protegrity in September of 2002. We are tightly integrating our nShield product line with their Secure.Data software to give customers a solution that addresses stringent government, industry and internal auditing standards for protecting the privacy of sensitive database information against internal and external threats. As part of this agreement, we entered into a joint marketing and strategic alliance partnership with Protegrity that includes ongoing collaborative development of secure database encryption solutions.
What is, in your opinion, the biggest challenge in protecting sensitive information at the enterprise level?
From a cryptography point of view, the cryptography in use now is good enough for the foreseeable future. It takes an amazing amount of effort to break ciphers now and with longer key lengths brute force attacks become exponentially more difficult. It really is as simple as doubling key length to keep ahead of the processing power and new brute force attacks that can be made on a key. With that said, enterprises and e-commerce providers do have the cryptography that can keep them secure for a very long time.
What does have to change in cryptography is how the crypto keys are managed and protected. While it is very hard to break a key, the real threat lies in key management and distribution of the keys. Grid computing cracking a key should not worry a CSO. A key left unprotected for a rogue employee to openly steal, should.
And more and more systems and services will be using cryptography, which will exacerbate the management problem. Web services are a perfect example of how the need for key management will be the real next gen need for cryptography. Being able to have keys be used across networks, quickly change with organizational changes, managing the life cycle of a key from birth to death. Those are the issues that will have to be dealt with and what our customers need. These other technologies, such as quantum and photonic encryption, are more science fiction than science fact right now and use of them in any practical way will not happen for many years.
What developments does nCipher envisage in 2003?
One of the areas that we will be working more specifically on is integrating our products with vendors that are marketing the highest levels of cryptography and security. There will be a market for customers that want to tell the world that they have the most secure networks available and people may well be prepared to pay a premium for working with these secure networks. Protecting and managing keys in hardware is simply best practice security and this is what we do best. We will continue to work to integrate our products with vendors that are looking to benefit from selling security as a marketable differentiator.