Microsoft Chairman Bill Gates on Tuesday laid out a comprehensive security strategy designed to highlight improvements in the forthcoming Windows Vista operating system.
He also spoke about other technologies that are becoming integral components of Microsoft's software and services as the company attempts to stay one step ahead of those attacking its technology seemingly from all sides.
Gates, who delivered his message at the 2006 RSA Conference, emphasized the creation of a "trust ecosystem" that fosters accountability among computer users. Gates asserted that this accountability not only must cover individuals and organizations but also must include code and devices themselves.
Industry-wide cooperation is critical to security, Gates said, citing the development of an identity-management metasystem for the safe exchange of personal information across the Internet. To that end, the Vista OS will include "InfoCards" as a critical identity-management tool.
Reinventing User Authentication
In addition to being native to Vista, InfoCard technology, designed to provide a greater measure of protection in accessing resources and sharing personal information on the Internet, will be delivered as part of WinFX, Microsoft's managed code programming model, and will support Internet Explorer 7, Windows XP, and Windows Server 2003.
Gates also discussed the company's commitment to simplifying identity and access management in the enterprise. Beginning with the release of Longhorn -- the next version of Windows Server -- Microsoft will expand the role of Active Directory to include rights-management services, certificate services, metadirectory services, and federation services.
The expanded capabilities of Active Directory will provide customers with a unified identity- and access-management infrastructure that spans enterprise and Internet scenarios. Gates also announced the first beta of Microsoft Certificate Lifecycle Manager, a policy- and workflow-driven technology designed to streamlines the provisioning, configuration, and management of digital certificates and smart cards.
Designs on Security
Gates said that "isolation technologies" to protect users against the threat of malicious software, trust-based multifactor authentication, policy-based access control, and unified audit across applications must be integrated at the platform level.
He issued an industry-wide call for engineering security in all stages of technology development, encouraging software developers to think of security not as an afterthought but as a "guiding principle."
The concept of security as a design principle could go a long way toward developing safer computing and Internet use, suggested Forrester Research analyst Paul Stamp.
"Microsoft is now considering security design as a critical item on the list of I.T. concerns when it deploys new solutions, with such integration at the core level making systems manager jobs that much easier," he said.
Building a Trust Ecosystem
Stamp also noted that a "trust ecosystem" will become critical as the need to share information on the Internet and within business systems increases by leaps and bounds. "Enabling such broad-based sharing requires a framework so that people feel protected, and now we have a major I.T. vendor that is pushing efforts to get people to trust each other," he said.
Identity-management initiatives, such as InfoCards, provide security from the get-go, said Stamp, with integrated, real-time user verification.
While Microsoft has been dogged by years of less-than-perfect business practices, the company is making progress, the analyst said. "It takes time to address all of the security issues related to their products, and they are doing as good a job as anyone else in the market to protect their customers."