Microsoft Outlines Vision to Enable Secure and Easy Anywhere Access for People and Organizations

SAN FRANCISCO — Feb. 6, 2007 — Top executives from Microsoft Corp. today outlined a vision for secure and easy “anywhere access” and committed to working with the industry to evolve networks, protection and identity to achieve that vision for customers. In their keynote address at the RSA Conference 2007, Microsoft Chairman Bill Gates and Chief Research and Strategy Officer Craig Mundie discussed how the industry can further advance efforts around trustworthy computing to enable people to access, share and use corporate and personal information without fear that it will be compromised, stolen or exploited. Although anywhere access is not a new term, Gates and Mundie expanded the definition to encompass a broad range of scenarios and technologies across networking, platforms and applications.



Keynoting RSA 2007, Microsoft Chief Research and Strategy Officer Craig Mundie (left) and Chairman Bill Gates discuss the challenges that pervasive Internet connectivity pose to the security industry. San Francisco. Feb. 6, 2007.

Also at RSA, Microsoft announced a series of product news, initiatives and industry alliances to help customers achieve anywhere access, including the upcoming availability of Identity Lifecycle Manager 2007, the public beta of Microsoft® Forefront™ Server Security Management Console, support for Extended Validation SSL certificates in Internet Explorer® 7, and new collaboration with industry partners to help combat phishing.

“Security is the fundamental challenge that will determine whether we can successfully create a new generation of connected experiences that enable people to have anywhere access to communications, content and information,” Gates said. “The answer for the industry lies in our ability to design systems and processes that give people and organizations a high degree of confidence that the technology they use will protect their identity, their privacy and their information.”

“To create the level of seamless, pervasive connectivity that will make secure anywhere access a reality, continued collaboration and cooperation across this industry is essential,” Mundie added. “If we can work together to enhance trust, it will open the door to a transformation in the way people share experiences, explore ideas and create opportunities.”

Gates and Mundie said that to further advance trust and enable anywhere access, there are three key technological areas for industry focus and momentum:

  • Evolution of networks. As businesses and the industry move forward on redefining network boundaries, policy will become the driving force for managing access — not the physical topology of the network. The goal is for the network and the Internet to appear and work as if the boundaries between them are seamless, so access for users is easier and faster.

  • Evolution of protection. To achieve this anywhere access vision, customers need comprehensive security products and services that integrate seamlessly with each other and existing infrastructure and that are easy to use and manage. There is a necessity for the industry to enable greater protection, not only when information is in transit but also when it is created and where it resides, whether on the server, the desktop or a mobile device.

  • Evolution of identity. Today, individuals and businesses struggle with an increasing number of digital identities to manage and the increased level of complexity and risk that goes with them. The industry’s collaborative efforts around the development of an identity metasystem are the right direction, and customers need this system to be based on standard protocols that address heterogeneous infrastructures in order to reduce the complexity of managing identities across networks and the Web.

Industry Alliances

Gates and Mundie reinforced Microsoft’s commitment to interoperability and its ongoing work with governments, organizations and partners to create and implement industrywide standards that enable systems and applications to work together. The company is continuing to work with the industry on the WS-* Web standard and with the Interop Vendor Alliance, a global, cross-industry group of software and hardware vendors launched in November 2006, to identify opportunities for enhancing interoperability with Microsoft systems on behalf of their customers. In the coming year, the Interop Vendor Alliance will work closely with the SecureIT Alliance, announced at last year’s RSA Conference, to expand education and outreach on cross-platform security offerings to benefit customers and partners integrating these solutions. Since its formation, SecureIT Alliance membership has grown from 30 founding ISV developers to over 100 member firms. Microsoft’s efforts with its more than 100 partners in the Network Access Protection (NAP) program are also focused on interoperability across platforms, devices and networks.

More information about Microsoft’s vision for enabling anywhere access based on trust and about recent product and partner initiatives can be found in Microsoft’s RSA virtual pressroom at http://www.microsoft.com/presspass/events/rsa/default.mspx.

Addendum: Microsoft Product and Industry Partnership Announcements

To further enable the vision of secure and easy anywhere access, Microsoft today announced the following product milestones and industry alliances:

  • Microsoft announced Identity Lifecycle Manager (ILM) 2007. Available to customers in May, ILM 2007 is a new solution that builds on Microsoft’s metadirectory and user provisioning capabilities by adding support for managing strong credentials such as certificates and smart cards. ILM provides an integrated and comprehensive solution for managing the entire life cycle of a user identity. Microsoft also unveiled a comprehensive strategy and road map for identity life-cycle management, including planned availability of ILM “2,” the next version of ILM, in late 2008.

  • On the heels of the Windows® CardSpace™ general availability launch in Windows Vista™, Microsoft demonstrated momentum with industry partners that are working to apply this technology to help consumers realize a more confident online experience. This includes the announcement of collaboration on use of Windows CardSpace with the OpenID 2.0 specification. Through the support of the WS-Trust-based Windows CardSpace experience, consumers can take advantage of increased security against phishing attacks without adding complexity to their identity management experience. Also at the conference, Wachovia Corp., Arcot Systems Inc. and Corillian Corp. showcased a proof of concept demonstration using Windows CardSpace to deliver a simpler and safer online banking experience for customers.

  • Microsoft launched the public beta of the new Forefront Server Security Management Console, a centralized, Web-based management solution for onsite or remote administration of Microsoft messaging and collaboration security solutions. The management solution is the latest in a series of product launches from Microsoft Forefront, a line of business security products designed to help organizations protect their deployed infrastructure from the latest threats and provide more secure access.

  • Microsoft announced that it has enabled support for Extended Validation (EV) SSL Certificates in Internet Explorer 7, which is the first browser to fully support EV SSL Certificates. When a user visits a site with a valid EV Certificate, Internet Explorer 7 will alert the user to the available identity information by turning the background of the address bar green and displaying identity information. Twelve certificate authorities, including VeriSign Inc., Cybertrust and Entrust, are already issuing EV SSL Certificates.

  • Microsoft has added four new data providers to the Microsoft Phishing Filter service: the Australian Computer Emergency Response Team (AusCERT), BrandProtect, MySpace.com and Netcraft Ltd., whose own broad set of Internet Explorer and Firefox toolbar anti-phishing data sources will be included as data feeds into the service. These new providers join Microsoft’s current anti-phishing data providers, which include Cyveillance, Digital Resolve, Internet Identity, MarkMonitor Inc., and RSA Security, the security division of EMC Corp.

Other recent Microsoft security announcements include the following:

  • The general availability of Windows Vista on Jan. 30. In addition to fundamental improvements in the underlying security of the operating system, Windows Vista contains numerous security features and architectural advancements, including User Account Control, Internet Explorer Protected Mode, Windows Service Hardening, Address Space Layout Randomization and Kernel Patch Protection.

  • Windows Live OneCare, also launched internationally on Jan. 30, delivers all-in-one PC care with powerful protection and simple PC maintenance for consumers. Windows Live™ OneCare™ is the next generation of Microsoft’s evolving PC care service and is available at http://onecare.live.com and retail centers in the U.S. and 16 countries worldwide.

  • As part of its secure access strategy, Microsoft recently announced the general availability of the Intelligent Application Gateway (IAG) 2007. Microsoft’s IAG 2007 combines the secure sockets layer virtual private network (SSL VPN) product obtained in the acquisition of Whale Communications in July 2006 with Microsoft Internet Security and Acceleration Server (ISA Server), in a single, consolidated appliance for policy-based secure remote access, endpoint security and application-layer protection.

  • On Feb. 1, Microsoft announced that more than 100 networking and security partners have pledged support and integration with Microsoft NAP, a policy enforcement platform built into Windows Vista and Windows Server® “Longhorn.” Over 40 of these working NAP solutions are being demonstrated at the RSA Conference.

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.mspx.