More on the team

"Security management is not just technology – people and organizations are equally important."

With the increasing potential of Web services to enhance business capabilities, the importance of Web security is also increasing. Hiroshi Maruyama, with a unique mix of expertise in both Extensible Markup Language (XML)/Web services and security, offers clients the ability to deliver Web services and create business value as well as enrich security.

Hiroshi once worked on IBM’s Internet Implementation Council, an interdivisional group working on how to make better use of the Internet at IBM. At the time, XML was just a good idea, but Hiroshi thought it held some interesting promise for collaboration. His interest resulted in IBM releasing an XML parser the same day that XML 1.0 was released. An XML parser is essential to process XML data because it breaks it up and processes it into a formatted output, which enables Web-based applications to read the information and operate more efficiently.

In 1997, Hiroshi began developing the digital signature and encryption for XML. At the same time that XML and security technologies were becoming robust, the capabilities of the Internet were also expanding. With Web services extending enterprise borders, confidentiality, authentication and establishing trusted relationships were the next levels of security to be developed.

Hiroshi is now exploring integrity-based computing to enhance security. He is working with the Trusted Computing Group on a hardware- and software-based solution that aims to establish levels of trust, based on a tamper-resistant hardware chip, on Internet hosts. This method helps prevent attacks by malicious software that emulates regular business applications.

Hiroshi jumped at the opportunity to work with clients on information security management consulting projects. He has also learned the importance of all the other aspects of security – corporate culture, policies, process, employee education and incentives, just to name a few, because computer and Internet security are only part of the picture.

Hiroshi is planning on taking what he is learning from client projects back to his research, helping to ensure that his future work in security meets the needs of his enterprise clients.