RSA: Microsoft Makes a Case for Security Optimism

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

SAN FRANCISCO. Week after week, we are all bombarded with new security headlines about threats and attacks. Even though the IT security landscape is not lacking challenges, Microsoft’s Scott Charney, Corporate VP, Trustworthy Computing, believes that there is reason for optimism.

“My optimism is not delusional,” Charney said. “It is based in fact.”

Charney delivered a keynote at the RSA 2013 security conference this morning about why he is optimistic about IT security.

“In the last year the world has changed from a client server view of the world to a more complicated model due to the cloud,” Charney said. “The world is now also increasingly looking at regulations, compliance and certifications.”

Though the world is changing, Charney sees the need for stability at the core in the form of a trusted software stack. It also relies on trust in hardware as well. In particular, Charney highlighted the UEFI Secure Boot approach that Microsoft has adopted for Windows 8 as being a big advance. With Secure Boot, only trusted and secure code can boot from a physical piece of hardware.

Charney also sees increasing adoption of security development lifecycles.

“Attackers will attack the weakest links,” Charney said. “Microsoft’s biggest accomplishment with the secure development lifecycle was that we proved we could scale it across 36,000 engineers.”

Charney added that when markets demand secure development there an inflection point and good things will happen.

The move to cloud and mobile app store-based deployments is also a positive trend. Charney said that cloud and app store models make it easier to keep people up to date with the latest versions of software.

Charney also sees a positive trend in terms of user roles and application control. He said that if you keep administrative rights contained and whitelist applications, that will prevent about 85 percent of successful attacks.

“I expect to see an intense focus on operational security,” Charney said.

Charney is also optimistic about IT security on a global level as multiple countries collaborate. He noted that there has been a solid amount of harmonization across countries when it comes to cybercrime, with more to come.

“We need common criminal laws so the same kind of conduct is criminalized everywhere and we need expedited process for sharing information across borders,” Charney said. “We have harmonization and some great success today.”

That said, there are still challenges, though Charney argued the challenges are in the technology. In his view is it still hard to do attribution and find the source of the attack.

“Today there is too much noise in the network and we can’t tell the serious stuff from the non-serious stuff,” Charney said. “That’s one reason to use big data.”

Though Big Data is important, Charney said that if more transactions are robustly authenticated, than the pool of information to find suspicious activity will be more manageable.

Charney admitted that though a lot of bad things can and do happen in the security world, optimism is about the future state of affairs is justified. He said that the world has moved from a point where there was highly vulnerable software to a world where things are more secure.

“We have made great headway and now done a bunch of things that make us secure,” Charney said. “It creates for us an opportunity to fundamentally reshape our posture, where we can be less reactive and more predicative.”

microsoft, security

Microsoft’s Scott Charney, Corporate VP, Trustworthy Computing

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.