
RSA: Microsoft Still Working To Solidify Security

By Kevin McLaughlin, CRN
April 21, 2009    5:41 PM ET

Microsoft has changed its approach to security in recent years by focusing more on secure application development and automatic updates. But many people still worry about online security and privacy, and Microsoft believes that there's more work to be done to address these concerns.

These were among the key themes of a Tuesday keynote speech at RSA 2009 in San Francisco, in which Scott Charney, corporate vice president of Trustworthy Computing at Microsoft, outlined the company's ongoing efforts to improve the security of its products through what it calls the End to End Trust model.

When it comes to verifying users' identities online, the old method of using Social Security numbers, date of birth and mother's maiden name is no longer good enough, Charney said. As a result, Microsoft has been working to build a trusted stack of hardware, software, data and people that will address the traditional deficiencies of passwords.

"The way we do identity today is completely flawed," Charney said. "We need a different model to think about identity, and not an authentication model that strips away anonymity."

Microsoft's decision to share its security development life cycle with the development community has helped solidify the notion that security is an ecosystem problem, according to Charney.

Last week, Microsoft rolled out a public beta of its Stirling security suite and a host of partnerships with security vendors to allow their security event data to flow through Microsoft's Forefront Stirling Management Console. In addition to illustrating the ecosystem idea, this helps Microsoft gather disparate pieces of data and develop a picture of a particular organization's security posture, Charney said.

In the past year, Microsoft has publicly released a threat-modeling tool for ISVs and, with the help of partners, is teaching other organizations how to emulate the security development life cycle process.

"Attacks are moving up the stack, and we need ISVs everywhere to do more threat modeling," Charney said.

