IBM and Cisco missing from Microsoft alliance

Users have expressed concern at the development of rival security alliances among manufacturers.

Users have expressed concern at the development of rival security alliances among manufacturers.

Microsoft last week announced it had signed up 25 IT companies to its Network Access Protection (Nap) scheme to support end-to-end IT security within Windows 2003 R2, the next version of the company's server operating system.

However, IBM and Cisco, which support a rival alliance for securing enterprise IT, were not represented on the Microsoft list.

David Lacy, director of security and risk management at the Post Office and founding member of Jericho, the global security group representing chief security officers, said, "We would encourage suppliers to ensure their solutions are open and interoperable." He said Jericho would accept an established de facto standard. Next month the group is meeting to identify programmes for the short-, medium- and long-term.

Colin Butcher, a board member of the HP User Group, agreed that security interoperability was important. "It would be good to see a consistent security architecture, with a structure and methodology, you could work with," he said.

Mike Nash, vice-president for Microsoft's security business and technology unit, said Nap would allow users to access their corporate network from anywhere. "[Nap] will also provide system administrators with the ability to monitor and control computer access based on compliance policies for accessing the network."

Twenty-five companies, including Hewlett-Packard, Symantec, Trend Micro, Computer Associates, Enterasys and Foundry Networks, are working with Microsoft on Nap products.

In a statement on the omission of Cisco, Microsoft said, "Cisco and Microsoft have a strong alliance and long history of working together to address the needs of their mutual customers.

"Access and security are priorities for both companies and we are conducting ongoing discussions in many areas, including quarantine, virtual private networks, wireless and protocols."

In February, Cisco and IBM developed integrated security to prevent insecure devices from compromising networks.

Tony Lock, chief analyst at Bloor Research, said that although IBM and Cisco were omitted from the partnership, Micro- soft, IBM and Cisco would need to work together to ensure interoperability. One way this could be achieved is through a federated security model, where suppliers would trust each other's identity authentication systems. However, Lock said, "It is still early days for the federated approach."

Security delays
In a setback to its Trustworthy Computing initiative, Microsoft has delayed the release of its patching service Microsoft Update, which is unlikely to be available until 2005.

Last week, the company released its monthly security patch for July, which included two critical updates. The first concerns a buffer overrun in the Windows Task Scheduler and the second involved the Windows HTML help feature.

Read more on IT risk management