Following Through on Priority 1: Security
Security is this year's top priority for IT, and now Bill Gates is making security Microsoft's top priority. Did I hear a chorus of folks saying it's about time for Redmond to bring the same intensity to securing its products as it does to marketing them? Yes, I did, but the larger question is how quickly Microsoft can translate Gates' marching orders into the types of products and systems with which we can build the computing environment we need. It is much, much harder to retrofit security into a product than to make it part of the initial framework.
While most of the security concerns around Microsoft are usually voiced regarding the latest bug, worm or virus that uses your Outlook client as a virus carrier, the security issues around the company's .Net initiative hold more import to the company's future. This is absolutely the year of Web services promises and products from vendors. In a trip around Silicon Valley last week, each vendor I met with (including Sun and Microsoft) was busy building slide shows that explained how its future was built on Web services. At some point in each discussion, it was made clear that even the explosive growth of the Internet would pale beside the rise of Web services developments. My belief, however, is that without a secure underpinning, Web services will never live up to the much-hyped promise.
So now that everyone agrees security is important, how do you go about developing a secure environment? One method that those three-letter agencies such as the CIA and NSA have used is to forget perimeter-type IT defenses and focus on securing the operating system. In this week's issue, Labs Analyst Timothy Dyck delves into .Net Framework and discovers that a secure operating system may be in .Net's future. One tool implemented by .Net Framework allows developers to apply security rights to an application instead of just to the user running the app. This technique is used in trusted operating systems and has been tested (including in our Openhack cracking competitions) and shown to be an effective firewall against crackers. The downside: Developing applications for secure operating systems is very different from traditional methods.