Following Through on Priority 1: Security

Security is this year's top priority for IT, and now Bill Gates is making security Microsoft's top priority. Did I hear a chorus of folks saying it's about time for Redmond to bring the same intensity to securing its products as it does to marketing them? Yes, I did, but the larger question is how quickly Microsoft can translate Gates' marching orders into the types of products and systems with which we can build the computing environment we need. It is much, much harder to retrofit security into a product than to make it part of the initial framework.

While many of the security concerns around Microsoft are voiced regarding the latest bug, worm or virus that uses your Outlook client as a virus carrier, the security issues around the company's .Net initiative hold more import for the company's future. This is absolutely the year of Web services promises and products from vendors. In a trip around Silicon Valley last week, each vendor I met with (including Sun and Microsoft) was busy building slide shows that explained how its future was built on Web services. At some point in each discussion, it was made clear that even the explosive growth of the Internet would pale beside the rise of Web services developments. My belief, however, is that without a secure underpinning, Web services will never live up to the much-hyped promise.

So now that everyone agrees security is important, how do you go about developing a secure environment? One method that those three-letter agencies such as the CIA and NSA have used is to forget perimeter-type IT defenses and focus on securing the operating system. In this week's issue, Labs Analyst Timothy Dyck delves into .Net Framework and discovers that a secure operating system may be in .Net's future. One tool implemented by .Net Framework allows developers to apply security rights to an application instead of just to the user running the app. This technique is used in trusted operating systems and has been tested (including in our Openhack cracking competitions) and shown to be an effective firewall against crackers. The downside: Developing applications for secure operating systems is very different from traditional methods.

At eWeek, we've made IT security one of our key topics for years, and this issue includes a strong piece by Anne Chen on how to monitor and defend against security threats inside your company ("Watching your back").

And if you're wondering if all that security effort is worth it to develop Web services, look at Jeff Moad's interview with Intel's chief strategist, Christopher Thomas, about the value of Web services. Thomas thinks managers not developing Web services plans are missing a big opportunity. Jeff's article shows how Web services can alleviate many application integration problems.

Do you think Web services will live up to the hype? Write to me at eric_ [email protected]