
System security or fixes, open source model is the way to go

It’s seen as a model that can help deliver more value to enterprise customers through quicker innovation, established security and reliable performance. The operating principle seems rather novel.


The more people access source code, the fewer the secrets embedded in the code, thus making it more secure.

Computing security has never been more important. Increasing regulations, differing requirements from international locales and sophisticated attacks all contribute to serious challenges that call for thorough solutions.

Comprehensive security not only covers a broad range of solutions but also offers strategies for managing systems today and in the future. Attention to security must be pervasive across all the technologies a company uses and the functionalities it provides.
There are some fundamental elements of any sound security solution that must be observed:

Access: Security starts with defining who can access your systems, and what role each user will play. Systems must offer convenient identity management through enterprise directories, authentication of that identity through authoritative sources and definition of roles and allowable actions through enforced access control.

Activities: Once identified, systems must ensure that users can only perform actions that are consistent with their roles. Protecting access or modification of data - while in storage and in transit - is critical.

Auditing: The system must be able to track and document users’ actions to meet compliance requirements, keep tabs on complex activities and identify unauthorised actions that may have occurred through software failures or hacking.

Open Source Development Model
Experience has shown that almost no software is perfect, even when it has been reviewed, tested and certified for enterprise use; flaws may still be found. But the open source development model provides a fast-innovating and reliable resource to bring forth software that meets user needs, including security fixes.

Software developed using open source software principles offers technology innovation beyond proprietary alternatives. The more people access source code and employ their expertise to examine it, the fewer the secrets embedded in the code. This openness helps code become more secure.

Leveraging the model and its broad ecosystem of certified applications and hardware platforms, open source can help deliver more value to enterprise customers through faster innovation, established security and reliable performance.

Integrating security into IT systems
In the current environment, a proactive security approach is one of the requirements that define a project and the architecture that structures a design as well as the technologies that implement it.

Security has to be integrated into a system as thoroughly as any other business need, and its efficacy is defined by its ability not only to prevent security breaches in real time, but also to do so as early as possible. Security-Enhanced Linux (SELinux) has been part of the open source community since 2000, when Red Hat and additional participants teamed up with the United States National Security Agency (NSA) to develop the technology. SELinux provides a mechanism for enforcing access control security policies, including United States Department of Defense Mandatory Access Controls (MAC), through the use of Linux Security Modules (LSM) in the Linux kernel. The strong access control architecture of SELinux is well-entrenched in the Linux kernel.

It separates policy definitions from implementation of those policies, allowing creation of the policy rules that define and constrain system behaviour while a system is being deployed.

The data, programmes and physical devices that compose a computing environment are critical resources, and controlling access to those resources constitutes a crucial security challenge. Granting access to a resource is contingent on authenticating the user requesting the access, and determining whether they are authorised to make the request.

Some operating systems (OS) rely on password protection, coarse-grained permissions, or ad-hoc application controls to implement access control. For customers interested in higher security, the functionality of SELinux in the OS can be extended. Policies can be written for additional applications, or a ‘strict’ environment can be deployed where mandatory access controls protect all resources.
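
The separation of policy from enforcement described above, and the contrast with coarse-grained permissions, shown as a simplified model added here; it is not SELinux or Red Hat code. The rules, class names and sample files are constructed for illustration, and the labels only imitate SELinux naming.

```python
from dataclasses import dataclass

# Constructed rules modelled on SELinux "allow" statements; policy is plain
# data kept apart from the enforcement code below.
# (process domain, file label) -> operations permitted
POLICY = {
    ("httpd_t", "httpd_sys_content_t"): {"read"},
    ("httpd_t", "httpd_log_t"): {"append"},
}

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str   # security label of the running program

@dataclass(frozen=True)
class File:
    owner: int
    mode: int     # classic permission bits, e.g. 0o644
    label: str    # security label of the object

def dac_allows(proc, f, op):
    """Coarse-grained check: owner/other bits only (group omitted); uid 0 bypasses."""
    if proc.uid == 0:
        return True
    bit = {"read": 4, "write": 2, "append": 2}[op]
    shift = 6 if proc.uid == f.owner else 0
    return bool((f.mode >> shift) & bit)

def mac_allows(proc, f, op, policy=POLICY):
    """Default deny: allowed only if a rule names this domain, label and op."""
    return op in policy.get((proc.domain, f.label), set())

def access(proc, f, op, policy=POLICY):
    """Both layers must agree; also returns a record for the audit trail."""
    dac, mac = dac_allows(proc, f, op), mac_allows(proc, f, op, policy)
    record = f"domain={proc.domain} label={f.label} op={op} dac={dac} mac={mac}"
    return dac and mac, record

# Constructed sample: a web server running as root, a page and a password file.
web = Process(uid=0, domain="httpd_t")
page = File(owner=0, mode=0o644, label="httpd_sys_content_t")
shadow = File(owner=0, mode=0o600, label="shadow_t")

if __name__ == "__main__":
    for target in (page, shadow):
        print(access(web, target, "read"))
```

Passing a different `policy` dictionary to `access` changes the decisions without touching the enforcement functions, which is the separation the article refers to.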

As the ongoing management and remediation of flaws and vulnerabilities are just as important as the initial development process, organisations should implement a robust and open security programme. Using security solutions that have been reviewed, tested and certified for enterprise use, with ongoing security provided by a robust process and a dedicated team, would help in preventing critical security problems.

The writer is general manager, Red Hat India.
