
    Security Out of the Box

    By Scot Petersen - March 8, 2004

      It's a paradox: If computer security—or perhaps I should say computer crime—weren't so bad, there would be little need for the vibrant industry that's growing up around it.

      In this age of MyDoom, a record number of attendees turned up in San Francisco for the RSA Conference late last month. It didn't hurt that Bill Gates, Microsoft's chairman and chief software architect, was the show's headliner. Gates explained everything the company is doing to make its products more secure—which, if successful, could put many of the vendors in attendance out of business.

      For more on Gates' keynote, read “Gates Unleashes Security Initiatives at RSA.”

      Surprisingly, though, Gates' audience responded with a warmth that went beyond mere politeness. It could be that the security community recognizes the ubiquity of Microsoft technology in the enterprise and really wants the company to succeed. Or security pros just might be willing to wait for the marginal improvements in security services in Windows XP Service Pack 2 later this year, and for the rest of the ingredients of Trustworthy Computing that will come out in the “Longhorn time frame”—get used to that phrase—which means 2006 at the earliest.

      Read “Microsoft Ship Dates Falling Like Dominoes.”

      Or it could be that the attendees recognize it doesn't really matter what Microsoft does. No matter what kind of “Active Protection,” “Dynamic System Protection” or any other underarm solution Microsoft concocts, the next bug or exploit is just waiting to be found.

      Perhaps they recognize that Microsoft is taking security very seriously. Indeed, the company is devoting billions to fixing the problems as best it can. It also has a crack IT security staff. At RSA, Jared Pfost (as in “post”), group program manager for Microsoft's internal IT team, outlined what the company does to protect itself in what is naturally a Microsoft-centric software environment.

      His team has to manage security of more than 300,000 networked devices, 55,000 employees and 90,000 e-mail boxes worldwide. Every month Microsoft blocks some 100,000 intrusion attempts and quarantines 125,000 e-mail messages. Outside of the Slammer worm last year, the company's networks haven't flinched. Still, not every company has the IT resources of a Microsoft, where 55 people manage security policies and response strategies full time, Pfost said.

      In his speech, Gates pointed to the growing collection of culprits: the script kiddies, hacker hobbyists, experts and specialists. But if you leave your keys in the car while you pop into the convenience store to buy a gallon of milk, is it the thief's fault your car was stolen?

      We live in dangerous times, when the MyDoom disaster can cost many billions in lost data and productivity and system downtime. The finger-in-the-dike approach to security is not working. It works some of the time, to be sure, but it is not sustainable long term. Viruses, worms and other hacks are, like spam, going to overwhelm us, slow down the productivity we've worked to achieve through technology and, as VeriSign CEO Stratton Sclavos argues, slow down the adoption of new technologies.

      It's time for a new approach. It's been about seven years since I first saw Sun's Scott McNealy demonstrate the Java Card authentication system. It was cool and made a lot of sense at the time, but few bought into the proprietary nature of the plan.

      In the years since, Java and the Java Card have evolved, and there at RSA was Sun's Jonathan Schwartz, demonstrating both the Java Desktop System and Java Card. Authentication systems make even more sense today, with computing power and bandwidth much more plentiful. Only users authorized to use a device can use it. Only applications authorized to run on those devices can run. Simple.

      It's not so simple to replace Windows everywhere, nor am I advocating such a strategy. But savvy IT managers owe it to themselves and their enterprises to try new approaches to security.

      A sound investment strategy always begins with diversification. Many enterprises, however, remain locked into a technology, either by choice or by compulsion. They wait, complacently, for that one short stream of code, opened by an unknowing user on one PC somewhere, that can cripple the company and propagate across the rest of the world in minutes. It's a risk to try new things, but it could be a greater risk not to.

      Scot Petersen can be reached at scot_petersen@ziffdavis.com.

      Check out eWEEK.com's Security Center at http://security.eweek.com for security news, views and analysis.

      Scot Petersen
      Scot Petersen is a technology analyst at Ziff Brothers Investments, a private investment firm. Prior to joining Ziff Brothers, Scot was the editorial director, Business Applications & Architecture, at TechTarget. Before that, he was the director, Editorial Operations, at Ziff Davis Enterprise. While at Ziff Davis Media, he was a writer and editor at eWEEK. No investment advice is offered in his blog. All duties are disclaimed. Scot works for a private investment firm, which may at any time invest in companies whose products are discussed in this blog, and no disclosure of securities transactions will be made.