REDMOND, Wash., Oct. 6, 2005 — While the Internet has provided boundless opportunities for commerce, entertainment and communication, it has also spawned a new set of criminals who continually look for new ways to abuse this resource for financial gain. To protect computer users from these threats, Microsoft and others have worked to combat these criminals and improve the security of the computing infrastructure. The company has made significant progress in this effort, which is reflected in its technology investments, industry leadership and customer guidance.
To aid in this ongoing effort, Microsoft today announced the creation of the SecureIT Alliance, a group of industry partners that are working together to develop security solutions for the Microsoft platform. The SecureIT Alliance unites and expands various security and Internet safety partnerships Microsoft currently has with other industry leaders and governments, including the Virus Information Alliance (VIA) and the Global Infrastructure Alliance for Internet Safety (GIAIS), among others.
For Microsoft, tackling the security challenge demands more than just unilateral development of technology. Microsoft is also focused on providing prescriptive guidance to customers to help provide timely information, tools and training. Making progress on the security challenge also requires partnership: working with law enforcement and policymakers collaboratively across the industry. The SecureIT Alliance will enable security ISVs such as VeriSign, Trend Micro, Symantec and the 30 founding members (see Gathering in the Security Space, below) to work closer with Microsoft and each other in order to more effectively and efficiently build and integrate their products for the Microsoft platform.
“Security is an industry problem,” says Mike Nash, corporate vice president of the Microsoft Security Business & Technology Unit. “Only the industry working together can solve threats to security. We’re reaching out to all our industry partners to create an alliance to make sure that we have a great dialogue so that both they and Microsoft can build great products. The point of the SecureIT Alliance is to work with our industry partner community to create the best solutions possible. Our customers will benefit because they’ll get better security products from a wide range of vendors. And our industry partners will benefit, too, because they’ll get better information in technical depth into integrating with our platform.”
The Alliance Online
The SecureIT Alliance is developing a community site which will launch later this year (the URL will be http://www.secureitalliance.org) and provide Alliance members with greater visibility into the various Microsoft developer programs, such as betas, software development kits, early adopter programs and development labs. The site will afford Alliance members both a portal and a community of peers for sharing the information and best practices needed to build security solutions. The site will also have a public-facing side to help customers address their security needs by accessing security-related information, including case studies, videos, presentations, white papers, best practices and product information provided by Alliance members.
The Industry Fights Back
As documented in a Microsoft white paper being released today, “Microsoft Technology Investments: Helping Customers Mitigate Security Risk,” vulnerabilities in security software and equipment remain an industry-wide issue. The CERT Coordination Center, a major reporting center for Internet security problems, reported 3,780 vulnerabilities in security software and equipment across all vendors for 2004, compared to 417 in 1999. According to the report, no company or technology is immune.
“Microsoft is approaching the security problem from many directions,” says Nash. “Our strategy can be seen as having three essential components. First, we’re continuing to harden the platform, making it less susceptible to vulnerabilities. Second, we’re developing security products that run on top of the platform to help our customers. And third, we are working with the industry to provide a wide range of solutions for customers. The SecureIT Alliance will enable broader cooperation across the board: security ISVs are welcome to join. And over time, we anticipate that system integrators may become involved, too.”
Staying Ahead of Threats
Companies interested in membership in the SecureIT Alliance must develop security software and be Certified or Gold Certified Partners of the Microsoft Partner Program. Companies are required to sign a nondisclosure agreement (NDA) so that confidential information can be shared. There is no fee to join the Alliance.
“This is the right initiative at the right time,” says Nash. “The security environment is growing more complex every day. To stay ahead of the threats and remain competitive, all of us in the industry must come together.”
Gathering in the Security Space
At the time of the announcement of the SecureIT Alliance, founding members include: Altiris Inc., Aventail Corp., BindView Corp., Centrify Corp., Citrix Systems Inc., Computer Associates International Inc., Configuresoft Inc., e-Security Inc., F5 Networks Inc., Forum Systems Inc., F-Secure Corp., FullArmor Corp., LANDesk Software Ltd., McAfee, Inc., Microsoft Corp., Net Report, NetIQ Corp., Network Intelligence Corp., Panda Software, Ping Identity Corp., Quest Software Inc., RSA Security Inc., Symantec Corp., Trend Micro Inc., Utimaco Safeware AG, VeriSign Inc., Voltage Security Inc., Vormetric Inc., Webroot Software Inc. and Websense Inc.
“Customers and the world-at-large need more than just tools to fight security threats in isolation. This collaborative effort brings together key players with a sufficient critical mass to make a difference. Vendors need to work together and be more coordinated to enable better standards, better management and better risk mitigation for all. The formation of SecureIT should be an important step in this critical direction.”
–Sam Curry, vice president, security management, Computer Associates International Inc.
“Our top priority is the protection of our customers – and we recognize that one of the best ways of achieving that goal is to work with our industry partners in the new SecureIT Alliance.”
–Bill Kerrigan, executive vice president, McAfee, Inc.
“As a leading provider of enterprise systems and security management solutions, NetIQ is delighted to have been chosen to participate in Microsoft’s new SecureIT Alliance. NetIQ looks forward to working closely with Microsoft and other SecureIT Alliance members to make the Windows platform and ecosystem as secure as it can be.”
–Olivier Thierry, senior vice president, worldwide marketing and alliances, NetIQ Corp.
“By capturing all the data generated by Windows, Windows Server, SQLServer, Exchange, Web Server (Internet Information Server), ISA Server, customers have the ability to view all activity for compliance and security management. By joining this alliance, we look forward to extending our integration and collaboration with Microsoft and other security leaders in the SecureIT Alliance.”
— Upesh Patel, vice president, product marketing, Network Intelligence.
“RSA Security is proud to be a founding member of the SecureIT Alliance – an initiative that will enable our worldwide customers to better integrate authentication and encryption solutions within the Microsoft Windows environment. We look forward to the improved collaboration the SecureIT Alliance will foster, and are excited to partner with leaders in the technology industry to deliver the safest, most secure technology platforms possible.”
–John Worrall, vice president, worldwide marketing, RSA Security Inc.
“Symantec is very pleased to be a founding member of the SecureIT Alliance and we look forward to creating more integrated security and availability solutions for the Windows ecosystem.”
–Niall Wall, vice president, strategic alliances, Symantec Corp.
“Trend Micro is proud to support collaborative efforts such as SecureIT which make the increasingly digital world safe and secure. This is our corporate mission.”
–Punit Minocha, associate vice president, Trend Micro Inc.
“Our top priority is the protection of our enterprise customers data on mobile devices and in networks. The close cooperation with our industry partners in the new SecureIT Alliance is an important step to further optimize the integration of our solutions with the Microsoft platform. This enables our customers to take advantage of mobilizing their business processes and of mobile computing without the involved risks.”
— Ralf Engers, vice president, device security, Utimaco Safeware AG
“With the increasing sophistication of phishing and other online criminal activity threatening consumer confidence, the need for security vendors to work together to protect sensitive information, including confidential end-user data, is paramount. VeriSign is proud to be a founding member of the SecureIT Alliance, which will provide a platform for security vendors to work in concert to confront online crime, improve security responses and meet customer needs.”
–Chad Kinzelberg, vice president, VeriSign Security Services