Microsoft is leaving no stone unturned in its
Trustworthy Computing initiative as it searches for ways to fight
viruses and hackers. But its biggest battle is to win over
cash-strapped organisations this side of the pond, says Simon
Moores.
The RSA Security Conference in Amsterdam this year saw
Microsoft making a powerful effort to display its European
credentials around privacy, PKI and information security strategy
in general.
Microsoft has been working very hard to ensure that its software
meets the approval of the regulators in Brussels, and PKI in
Windows 2003 is just one example of how it is attempting to provide
the standards framework, in this case, digital signatures, that
support the EU’s plans for a more joined-up and e-capable
Europe.
Detlef Eckert, Microsoft’s director of Trustworthy Computing for
EMEA, conceded that much greater trust, in the computing sense, was
needed to bring ICT to the next level.
“Tomorrow’s joined-up government," says Eckert, “can only be
built on a secure platform of trusted relationships. It is this
management of trust, which represents one of the greatest
challenges in the 21st century. Without widely available, reliable
and secure trust-based systems and technologies, truly joined-up
government is unachievable and e-government can only be an
aspiration.”
The head of Microsoft’s security business unit, Mike Nash,
offered what is by now, a well-polished message, that the company
is leaving no stone unturned – which includes placing a $5m bounty
on the heads of virus authors - as it searches for measures to
further reduce the risks faced by businesses fighting a constant
battle against internet-borne threats.
What worried me a little was that Nash did not appear to fully
grasp that Europe wasn’t quite the same place as the US when it
came to migration. I pointed out that on this side of the pond,
migrating from Windows NT 4.0 was a big deal for many organisations
and that quite regardless of the security argument; they weren’t
going to suddenly roll out a Windows Server 2003 and Windows XP
combination just because Microsoft said so, because of the expense
involved in doing so.
This makes Microsoft’s job harder and leaves business more
vulnerable to the next big threat, when it arrives and arrive it
will.
One question I tried to ask was, “Is Microsoft in the business
of security or in the security business?” but Mike Nash could only
offer the reply, “both of these."
Personally, I do not believe that Microsoft can continue sit on
the fence. In my mind; the company is, increasingly, becoming a
security products supplier, by default if not by intention, and
NSCGB (formerly known as Palladium), the Next Generation Computing
Base and many more initiatives underline this inexorable drift in
strategy under Trustworthy Computing.
An interesting sound bite from Mike Nash at the RSA keynote,
was the company’s comforting vision of “a place beyond patching”, a
revelatory experience, which for many of us will occur, not in this
world but ‘In a better place’ regardless of your religion, Orthodox
Windows or perhaps even Anglican Linux.
Finally, Tony Neate from the National Hi-tech Crime Unit
revealed that my web journal is now popular enough to deserve
having its URL hijacked by a UK sex site. I should be flattered but
while my name is being borrowed, I’m receiving none of the benefits
in return.
What do you think?
Is Microsoft turning into a security company?
Tell us in an e-mail >>
ComputerWeekly.com reserves the right to edit and publish
answers on the website. Please state if your answer is not for
publication.
Setting the world to rights with the collected thoughts and
opinions of leading industry analyst Dr Simon Moores of
Zentelligence.
Acting globally, Zentelligence (Research) advises
governments, suppliers, business and the media on the evolution,
application and delivery of leading-edge technologies and
specialises in the areas of eGovernment and information
security.
For further information on Zentelligence and its research,
presentation and analyst services visitwww.zentelligence.com