The LXer Interview: Dave Wreski of EnGarde Secure Linux
We always seem to hear about the companies that treat their customers like thieves or take away their rights, just for the sake of money. What about the companies that don't do that? What about the companies that respect their customers? What about the companies who want to make money and not take away their customers rights at the same time?
Well companies like that do exist, and if I get my way you are going to start hearing more about them. One of those good companies is Guardian Digital, the makers of EnGarde Secure Linux. Dave Wreski, the CEO of Guardian Digital was kind enough to speak with me recently. I asked him, among other things about how his company does the right thing and still makes money.
What is your position with EnGarde and what are your responsibilities?
I founded the company in 1999 and have been very excited to take it from its origins into its current position in providing comprehensive solutions for enterprise environments. As such, I am currently involved in the major strategic aspects of the company. This includes all aspects of the business including development, product engineering and strategic planning.
Could you tell our readers a little bit about yourself, when your interest in computers and software started?
Initially, I had gotten interested in computers very early on, and was introduced to Linux since its inception in the early 90s, and quickly became involved in learning about open source and what I believed to be the future of Internet technology. I had worked at a large international company called Ascom Timeplex, a provider of services for integrated voice, data communications and network based security solutions.
After leaving Timeplex, I moved on to work at United Parcel Service (UPS) as a senior architect for UPS Worldwide, managing the security architecture of the company's worldwide data centers, the secure design of partner communications with internal UPS systems and the security staff. This was a time of extraordinary growth for the company, where I also managed and directed the Internet Systems security policy.
For those who may not be familiar with your company, can give us a brief history of how EnGarde Secure Linux got started and how you became involved?
After I had been at UPS for some time, I recognized that we had a significant opportunity to increase the capability of our security, and that Linux provided this opportunity much better than other solutions. I had seen this need, and felt that other companies would value this focus on securing business-critical information from unauthorized users or any attacks that could harm the network. I felt that open source was a tremendous vehicle to achieve this and started laying the foundation for starting Guardian Digital in late 1998.
We started operations in early 1999, leveraging open source to solve critical business problems. After some evolving, we started writing and developing our own platform, EnGarde Secure Linux, seeing that our own security-focused platform was superior to the options that were available at the time.
What is it that makes EnGarde different and/or better than other distributions that claim to focus on security?
First, I'd just like to say our competition would include the complete market of security providers, both proprietary and open-source alike, specifically ones that address enterprise-level solutions and services. We have been utilizing open source security since 1999, and have used this expertise with the Linux OS to integrate and embed security into every aspect of the computing infrastructure. As far as the open source realm is concerned, unlike many solutions that bolt-on security, ours is explicitly designed with security in mind from the outset.
To understand what the differences are, it’s important to recognize that security is often a comprehensive process of engineering and maintenance. Simply adding spamasssassin (for example) to a distribution doesn't make it effective and enterprise capable - not by a long shot. Part of a secure posture requires engineering these multiple applications, in such a way that each one is secure through its use and scalability, in that specific environment.
This is what EnGarde Secure Linux provides, along with our portfolio of secure applications and managed services: A comprehensive and complete solution for all aspects of enterprise network security, in a manageable interface for proxy cache filtering, Content and Policy Enforcement, Anti-Virus, Anti-Spam, Anti-Phishing protection, Web and DNS services, Intrusion Detection and Prevention, secure remote monitoring and more.
Along with WebTool and Guardian Digital Secure Network (GDSN) providing automated updates and patches, Guardian Digital is one of the oldest firms in the industry to utilize open source to establish this kind of overall security. Because of this, many of the advantages that EnGarde provide are realized over time in the day-to-day process of maintaining and scaling security in a dynamic environment, not merely just installing some applications.
What are the main differences between the community and enterprise editions of EnGarde?
The primary differences are few, but important. EnGarde Professional provides a much greater degree of scalability. Also, our commercial offerings involve a complete array of managed services and support that the community version isn't provided with. The more important applications that enterprises require, our VPN Suite or WorkGroup applications for example, aren't available for the community as well. Largely, though, the Community version shares the same secure infrastructure as the professional platform and the basic server capability including Web, DNS and Email. So for a home user, EnGarde Community is a commercial-grade platform and is one of the most robust solutions freely available to the open source community.
What kind of graphic user interface does EnGarde Use?
Since we deployed EnGarde in 2001, we knew we wanted to demystify the often complex process of security for the average administrator, especially if they were coming from a proprietary source. WebTool, our secure remote management tool, allows for "touch-free" maintenance and configuration in a web browser. All the administering needed is accomplished through an intuitive, point-and-click graphic interface. This is especially useful when combined with the strength of SELinux deployed through a simplified interface like WebTool. It ensures not only that administration is done securely and effectively, but that the possibility of introducing insecure applications and configurations are minimized, without requiring an advanced degree in security by the administrator.
Has EnGarde benefited from making the community edition freely available?
Absolutely. In fact, that has been the staple of the company throughout our history. Part of what makes EnGarde so secure is the outstanding community that we have fostered over time, and offering the Community Edition really serves two purposes, actually. One, it provides a substantial service to the community, and two, allows us to test new changes/updates, as well as draw on the knowledge and insight of our users. Many of the changes that get implemented into EnGarde Professional get their first test with our community of users. So, yes, EnGarde benefits from this structure.
How many people do you estimate use the Community Edition of EnGarde?
As with any open source project, it's incredibly hard to gauge. We've recorded hundreds of thousands of downloads since we began in 2000, and seeing thousands of new visits each month. We recently upgraded our datacenter again to support the increased demand we're seeing after the introduction of new features including enhanced intrusion detection and the addition of numerous new open source projects.
How are sales of the enterprise edition doing and who are your target customers?
The sales of EnGarde Professional are continually growing, as we currently have over 500 customers worldwide, including Sony, Piedmont Natural Gas, divisions of AT&T, domestic and international governments, and more. Our target customers include mid-level to enterprise businesses and include an organization that wants to provide the most comprehensive security possible, in a way that isn't cost prohibitive. Open source is one of the reasons we are able to keep our costs to our enterprise-level clients lower than most of our competition.
Do you have any plans, or are you interested in signing a cross licensing deal with Microsoft?
Absolutely not. Guardian Digital will always be a completely open source business. Changing our strategy in this way would not only renege on our pioneering role in open source security, but would also dilute the quality of our development, as our community is one of our greatest assets. But, what would happen if we did seek a deal? Let's use Linspire's recent decision as an example. Seeking such an arrangement would, in effect, force Guardian Digital to relinquish its existence as an open source company. Not explicitly, but as far as I'm concerned, when you prohibit modifications or distribution of software in order to maintain licensing protection, you cease to be open source. That's just out of the question for us.
Furthermore, such "protection" is completely shrouded in ambiguity and uncertainty. The perceived advantages aren't even guaranteed if you make the required concessions. By not explicitly restricting what Microsoft can do, it gives them near-complete power in determining what software warrants protection, in what manner it's labeled as such, and when. In other words, the loopholes are so extreme they are practically a caricature of themselves. These deals are a joke. In theory, everything's safe, but in practice nothing is protected if Microsoft says it isn't. And with their track record, it's not worth taking that chance, even IF there were benefits.
Has the GPLv3 affected EnGarde Linux licensing one way or the other?
No, not really. GPLv3 took a rise after the Novell deal, and since our strategy doesn't involve this possibility, it hasn't really changed anything. Next year, we may consider readdressing licensing, but for now, GPLv2 is what we are dealing with. As open source projects continue to adopt the GPLv3, we will continue to incorporate these versions into Guardian Digital's offerings.
Are there any new features coming down the pipe for EnGarde that you can tell us about?
We are always in the process of streamlining our functionality, usability and security. One such example is the incorporation of AJAX into EnGarde Community for an enhanced Intrusion Detection interface. We are committed to keeping not only our professional platform on the cutting edge, but also our community version as well. We have a few major enhancements coming up in the future, and which are currently in the internal beta test phase. We are looking for a fall deployment, but we'll make sure to keep you posted. :)
What do you see for the future of EnGarde Secure Linux?
Open source has slowly but surely shed its skin only as an "alternative" and is now considered a primary solution. As more and more organizations realize the capability open source provides in maintaining a secure posture, especially in the burgeoning overseas markets in South America, Europe and obviously India and China, Guardian Digital will continue to lead the way and bring the inherent advantages of open source to communities and businesses worldwide.
My thanks to Dave Wreski for agreeing to be interviewed and Ryan Berens for his help in facilitating it. Unfortunately I have not had the time to do more than give it a cursory glance. But then again a review of EnGarde Secure Linux deserves more than a sentence or two at the end of an interview. Look for more on "Secure Linux" from LXer in the near future.
I told you there were companies (well, at least one) that do right by their users and customers, and Guardian Digital is one of them. See? There just might be hope for the Human species after all. :-) On the EnGarde website they provide an easy to find Wiki and Forum for users to find information, share ideas, ask questions and get help if they need it. They actually engage the users of their software in open communication, to the benefit of both the users and their business.
What a novel idea.
|Subject||Topic Starter||Replies||Views||Last Post|
|I'd like to see more of this||devnet||4||1,723||Jul 24, 2007 3:49 PM|
You cannot post until you login.