Microsoft Unveils New Security Vision as 'Stirling' Goes to Beta
Published: April 16, 2008
by Alex Woodie
Microsoft unveiled a new "vision" last week at the RSA Security conference called "End to End Trust" that has the far-reaching goals of creating a trusted stack of software, from the hardware to the OS to the applications, while ensuring the privacy of individuals and engaging all parties in a new dialog on the meaning of security and privacy in our new Internet world. Meanwhile, the software company unveiled a new piece of software: the first beta of "Stirling," its integrated security management suite for Windows.
In his keynote speech at the RSA Conference in San Francisco last week, Microsoft's chief research and strategy officer, Craig Mundie, laid out the achievements the company has made since launching its Trustworthy Computing initiative in 2001. He also presented a set of security- and privacy-related goals, as embodied in the new End to End Trust vision, that Microsoft will strive to hit in the future.
"In early 2001, I was asked to take on two things at Microsoft, neither of which I had a lot of experience with, and neither of which were highly coordinated inside the company," he says. "One was security broadly, and the other was privacy."
Since launching the Trustworthy Computing initiative seven years ago, the company has made real progress in security. Windows is, without a doubt, more secure now than it was seven years ago. However, that doesn't necessarily translate into a higher degree of security or privacy for users. Indeed, the higher degree of security in Windows has moved hackers' attention from Windows to finding exploitable flaws in applications. And along the way, the expectation of privacy in computing has suffered, too.
"We sit here in 2008 and it's really clear to me now that despite huge progress on the security side," Mundie says, "the intimacy with which computing touches people's lives . . . is escalating the challenges we have in privacy."
As part of the new End to End Trust vision, Microsoft wants to work with others to create a "trusted stack" Mundie says. "You can't just look at any one piece. You can't say, OK, the operating system is pretty hardened; the applications may or may not be. We really need to stitch these things together in some complete way," he says.
But instead of being a product roadmap, End to End Trust would bring together all interested parties--including software and hardware makers, standard bearers, industry regulators, and even users--to solve the problems of "the four As," or authentication, authorization, access, and audit.
"We need a lot of work. We can't do this by ourselves," Mundie says. "We would like everybody in the industry, whether you're on the legislative side or the government or regulatory side or the users or technical side, to really get more organized in this discussion."
So far, End to End Trust doesn't have much of a presence beyond a Microsoft Web page at www.microsoft.com/mscorp/twc/endtoendtrust/default.mspx, where users can download a white paper on the topic. But if past "vision things" from Microsoft are any indication, you can expect to hear more about End to End Trust from Microsoft in the future, and that's a good thing.
In other news, Microsoft announced the first beta of Forefront Stirling, the codename for a new product, first revealed last June, that will see Microsoft's server, desktop, and network security offerings united into a single product that users can access and control from a single management console.
Stirling will be Microsoft's first end-to-end security suite ("end-to-end" was definitely Microsoft's mantra at RSA 2008). The offering will bundle a central management console with the next-generation of Microsoft's security management products, including Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, and Microsoft Internet Security and Acceleration Server (ISA Server), Forefront Threat Management Gateway.
Forefront Stirling is scheduled for release to market in the first half of 2009. In the meantime, interested parties can register for a copy of the beta at www.microsoft.com/stirling.
Bleak Outlook for Information Security, According to Researchers
Microsoft Unveils 'Stirling' Security Suite
Post this story to del.icio.us
Post this story to Digg
Post this story to Slashdot