Microsoft outlines progress toward safer, more trusted Internet
Today at RSA Conference 2009, Microsoft Corp. discussed progress toward enabling End to End Trust, the company’s vision for a safer, more trusted Internet first introduced at last year’s event. In his keynote address, Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing Group, also issued a call to action for the public — including those in the technology industry, business and governments — to participate through dialogue, collaboration and consensus to address cybercrime and help instill trust in the Internet.
During the past year, Microsoft has advanced End to End Trust in four critical areas: security and privacy fundamentals; creation of a trusted stack with security rooted in hardware; in-person proofing based on identify claims; and social, political, economic and IT industry alignment for change.
“The Internet has created incredible opportunities for our society such as e-commerce, new social interactions and more efficient government. But, it has also attracted the attention of criminals due to the Internet’s global connectivity, anonymity, lack of traceability and valuable targets of information,” Charney said. “And while we believe the benefits of using the Internet far outweigh the risks, people still need to be safer online than they are today. End to End Trust is Microsoft’s vision for getting there.”
Focusing on Industry-Leading Fundamentals
Microsoft’s ongoing focus on security and privacy fundamentals employs the company’s best engineering and threat mitigation practices to deliver the most secure and privacy-enhancing versions of its software to date, such as Windows 7 Beta and Internet Explorer 8. During the past year, Microsoft began sharing its fundamental security and privacy practices, such as the Security Development Lifecycle (SDL), with the broader IT community to help build more secure software and better protect customers. Programs such as Microsoft’s SDL Pro Network train and enable organizations outside the company to develop more secure applications. The Microsoft Active Protections Program, designed to provide vulnerability information to security software providers, allows Microsoft and its partners to offer more timely protections and solutions to the broadest set of customers possible.
Establishing Trust Through Technology Innovations
Charney also provided an update on how Microsoft and partner technology innovations can help people better trust the security of the devices they use to access the Internet or connect to other devices. For example, Windows 7 is helping to deliver on the End to End Trust vision by providing key elements of a “trusted stack,” a concept that ensures all components of the computing environment can be authenticated and are trustworthy, including the operating system applications, people and data. Windows 7 Beta includes support for Trusted Platform Modules (TPMs), which help enable a strong security base rooted in hardware with features such as Windows BitLocker Drive Encryption; AppLocker, which helps ensure only trusted software is running; and DirectAccess, which allows customers to create trustworthy connections between compliant devices and the corporate network.
In addition, on stage, Charney demonstrated how Microsoft Forefront identity and security solutions are providing strong management and audit capabilities that help provide better “defense in depth,” through Business Ready Security solutions that help customers more easily protect the breadth of their environments, quickly respond to threats, and enable the secure access and use of critical business information.
Offering Choice and Control in Identity Claims
Charney also outlined how people can now use technology innovations to share information about themselves while disclosing only as much of their identity as they choose. A beta technology currently code-named Microsoft “Geneva” helps to simplify this process in an open and interoperable claims-based model. By combining this new, open and interoperable identity metasystem, people can be granted access to resources while minimizing the risk of providing information that may be compromised or misused online.
Charney also demonstrated how this technology can work when combined with in-person proofing through a limited proof of concept with the Lake Washington School District. Like many school districts, Lake Washington is challenged with how to provide secure and private online access to staff, students and parents. Microsoft is working with the school district to deploy the “Geneva” claims-based identity platform, including Information Cards on small notebook PCs, across its IT infrastructure. Using this model, the district will equip students with these small notebook PCs so they can more securely access learning materials developed by the district and application providers from virtually anywhere.
Enabling Change by Aligning Social, Economic and Political Forces With the IT Industry
Sharing best practices and developing more secure technology are only part of the solution. Realizing real change requires broad collaboration across the industry. To that end, Microsoft is working with partners, both public and private, to advance the state of trust online. During the past year, Microsoft has worked with the Internet Consortium for Advancement of Security on the Internet, the Internet Safety Technical Task Force led by the Berkman Center for Internet & Society at Harvard University, the Center for Strategic and International Studies Cybersecurity Commission, and the recently announced Conficker Working Group.
In his speech, Charney signaled that Microsoft is asking individuals, partners, policy-makers and the IT industry to help enable further change and take the next step toward creating a safer, more trusted Internet. Specifically, Charney asked users to become more educated about online threats starting with advice offered at https://www.microsoft.com/protect. He called on developers to use the tools and resources provided at https://www.microsoft.com/sdl to build more secure and privacy-enhanced products and services. He asked the tech industry as a whole to find new ways for people to feel safer online with their devices, their identities, their networks and any other scenarios that will affect Internet use in the future. Finally, Charney called on Microsoft partners, customers and individuals at private and public agencies to continue to come together through dialogue, collaboration and consensus to create a safer, more trusted Internet for everyone.
“Microsoft is bringing together critical forces to enable a safer Internet as a valuable and trusted public resource that must be sustained,” said Howard Schmidt, president and CEO, Information Security Forum Ltd. “We recognize that the vision of End to End Trust cannot be accomplished alone, but will require broad industry collaboration across public and private sectors, as well as technology innovations.”