GCN Tech Blog

By GCN Staff

Blog archive

Multilevel security pricing, take two

These few working days before New Year's Eve are always a slow stretch for the GCN Tech Blog. It's a good time to catch up on old business.

One item we needed to follow up on was an entry last month about the costs of implementing multilevel security systems, or computers that could access networks of differing levels of security.

At the Red Hat Users and Developers Conference held a few months back, Trusted Computer Solutions (TCS) chief operating officer Ed Hammersla made the case that it was less expensive to implement a SELinux-Based MLS system than one based on Solaris Trusted Extensions offered by Sun Microsystems.

Specifically, Hammersla noted that the Sun implementation would cost, per client $3,024, while the SELinux TCS package would cost about $609.

Bill Vass, head of Sun Federal, has since disputed those numbers, in a subsequent interview with GCN.

Vass noted on an equivalent implementation, "our solution is half the price of theirs," or about $317 per user.

He said the price difference came about because TCS compared a price of a Sun implementation done for the Defense Intelligence Agency, one that connected to 21 networks, to its own implementation, priced for connecting to 2 networks.

The price difference came about purely because, according to Vass, DIA needed to run a high-end server capable of holding 21 network cards. The additional cost per user came strictly from the purchase of such premium hardware, which would be necessary with the TCS implementation as well.

He did agree with the underlying premise of Hammersla's point though, that multi-level security is becoming more of a commodity market, with prices dropping as the components become more standardized. It's good news for the intelligence agencies.

"You can run on our solutions on anyone's hardware," Vass said.

Posted by Joab Jackson on Dec 28, 2007 at 9:39 AM


Featured

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.