REDMOND, Wash., Feb. 6, 2007 – The connected world is no longer simply a vision. Increased bandwidth, pervasive Internet connectivity and greater mobile capabilities have made it feasible for people to work, play, shop and conduct their lives from virtually anywhere. Despite these increased capabilities, people are still concerned about the safety of their personal or business-related information.
In their keynote today at the RSA Conference 2007, the technology-security industry’s annual conference, Microsoft Chairman Bill Gates and Chief Research and Strategy Officer Craig Mundie discussed the state of security, the threat landscape and the vision for a world of secure and easy anywhere access. They spoke to the need for an industry-wide ecosystem where personal and corporate information is protected so that users can access, share and use information without worrying about it being compromised, stolen or exploited.
The keynote reflected an Executive E-Mail sent today by Gates to Microsoft customers, which proposed that the answer to advancing a connected world lies in trust – in creating systems and processes that are always secure so that people and organizations have a high degree of confidence that the technology they use will protect their identity, their privacy and their information.” Gates outlined identity, network and protection as areas the security industry must focus on to build customer trust and ensure that anywhere-access becomes a reality.
The presentation at RSA comes on the heels of last week’s launch of Windows Vista, which Microsoft heralded as the most secure, privacy-enhancing and extensively tested operating system it has ever released. Features in Windows Vista such as User Account Control and Group Policy for Devices give IT staff greater control of how employees use the network and the devices they can use. Microsoft noted that many of these improvements are a direct result of processes related to the company’s ongoing Trustworthy Computing efforts, and that Trustworthy Computing has become an integral part of the company’s development processes, and transformed the way it approaches security and privacy protection.
The Roadmap to Secure Anywhere Access
At RSA, Microsoft also announced several new, security-related products and partner initiatives including:
The launch of Identity Lifecycle Manager (ILM) 2007
The release of public beta for Forefront Server Security Management Console
Support of Extended Validation (EV) SSL Certificates in Internet Explorer 7
A Windows CardSpace proof-of-concept demonstration, and collaboration with the OpenID 2.0 specification
The addition of four data providers into Microsoft’s Phishing Filter service online database
Microsoft also recently announced other key, security-related initiatives, including the general availability of the Intelligent Application Gateway 2007, a Microsoft Network Access Protection 100-partner milestone, and the launch of Windows Live OneCare. These announcements represent Microsoft’s efforts to address the need for more efficient identity management, simpler network access control, and more resilient protection.
Improving Efficiency with Identity Management
As people spend more time on the Internet and use more devices on a day-to-day basis, they create numerous username/password combinations across the landscape of their virtual life. Tracking each of these identities at work and home becomes a cumbersome task for the computer user, and also complicates the jobs of IT professionals who must manage many of these identities to secure a company’s network.
To address the need for more efficient identity management, Microsoft outlined a comprehensive strategy and roadmap, and provided details on product offerings that will reduce the cost of managing user information, credentials, access control, and compliance.
With general availability scheduled for May of this year, ILM 2007 will provide a new solution that builds on the metadirectory and user-provisioning capabilities in Active Directory, Windows and Office, and adds support for managing strong credentials such as certificates and smart cards. Microsoft described ILM as a centralized solution for managing the entire life cycle of a user identity by providing identity synchronization, certificate management and user provisioning that will work within a heterogeneous environment. Along with the launch of ILM, the company called this solution an example of how the technology and tools it is developing will help IT staff easily update the policies associated with each employee’s identity so they accurately reflect a person’s role, what the person is authorized to do on the network, and the information the person is allowed to use.
Industry momentum around Windows CardSpace also continued at the RSA conference with news of collaboration of Windows CardSpace with the OpenID 2.0 specification. Through the support of the WS-Trust – a Web service that has been adopted as an industry standard to help ensure trusted transactions – consumers using Windows CardSpace can take advantage of increased security against phishing attacks without adding complexity to their identity-management experience. Conference attendees also caught a glimpse of a simpler and safer online banking experience for consumers through the use of Windows CardSpace. The proof-of concept-demonstration showcased by Wachovia Corporation, Arcot Systems, Inc. and Corillian Corporation served as one of the many ways consumers can receive a simpler and easier online experience with Windows CardSpace.
Simplifying Network Access and Management
Firewalls have been the primary means of protecting corporate networks in the past, but they don’t provide the flexibility needed to meet the demand for anywhere access or to respond to the current threat landscape. Microsoft said that, to address this challenge, IT professionals must be able to manage network access and assure protection of network assets using policy rather than topology (the physical infrastructure). Likewise, end-users must experience a seamless boundary between networks and the Internet.
To help customers move toward this anywhere-access network environment, Microsoft recently announced the general availability of the Intelligent Application Gateway 2007 (IAG), a new product that will help ensure that remote access is secure. Microsoft also announced that 100 technology partners have enlisted in support of Network Access Protection (NAP), a policy enforcement platform built into Windows Vista and Windows Server “Longhorn” (the code name for the next generation of Microsoft’s server operating system).
Integral to its secure access product strategy, IAG combines the Secure Sockets Layer Virtual Private Network (SSL VPN) – a product obtained through Microsoft’s acquisition of Whale Communications in July 2006 – and Microsoft Internet Security and Acceleration Server (ISA Server). By combining these two products, IAG provides a single appliance for enforcing granular, policy-based access controls for secure, remote access and strong end-point security and application-layer protection.
At RSA, Microsoft also demonstrated the NAP platform interoperating with networking equipment from partners such as Cisco, Nortel, Extreme Networks and Foundry Networks. NAP is now the largest partner ecosystem for network access control, and provides customers with a broad choice of networking and security solutions from those partners that have pledged support for NAP.
Delivering Solutions that Help Protect Customers
Security and privacy attacks have evolved and will continue to do so with the advance of technology. In response, Microsoft stated that security solutions must be more comprehensive and integrated, while providing a simplified experience for users and IT professionals. Further, information must be protected at all times – when it is created; while it resides on a computer, server or device, and when it moves from one location to another. Software applications and operating systems must also be designed and built with security in mind to ensure that systems are resilient from attack.
Microsoft touted today’s release of the public beta for Forefront Server Security Management Console, and adoption of Extended Validation SSL Certificates for Internet Explorer 7, as examples of its investments to increase customer protection.
The Forefront line of business security products, launched in June 2006, provides customers with protection across their deployed infrastructure, whether on the client, the server or the edge of the network. According to Microsoft, Forefront Server Security Management Console will provide a centralized, Web-based management solution for on-site or remote administration of Microsoft messaging and collaboration security solutions, including Forefront Security for Exchange Server, Forefront Security for SharePoint, and former versions of Microsoft Antigen products.
As announced by Microsoft today, it has enabled support for Extended Validation (EV) SSL Certificates in Internet Explorer 7, and is working with leading certification authorities to provide a better mechanism to verify a web site owner’s identity, which will thus help boost customer confidence in online transactions. Internet Explorer 7 will be the first browser to fully support EV Certificates, the next generation of the popular SSL certificates that are widely used today. With the support of EV Certificates, Internet Explorer 7 will turn the background of the address bar green when a customer visits a site with a valid EV Certificate, and customers will also be alerted of encrypted communications and provide users with more information about who they are sharing sensitive data with. Twelve certificate authorities, including Verisign, Cybertrust and Endtrust, are already issuing EV Certificates.
Microsoft also announced the addition of four new data providers to the Microsoft Phishing Filter Service. Australian Computer Emergency Response Team (AusCERT), BrandProtect, My Space.com and NetCraft will each be included as data feeds into the Phishing Filter service, and will contribute their respective sets of Internet Explorer and Firefox toolbar anti-phishing data sources. These new providers join Microsoft’s current anti-phishing data providers, including Cyveillance, Digital Resolve, Internet Identity, Mark Monitor and RSA, the Security Division of EMC. As part of Internet Explorer 7, which has had more than 100 million downloads since its launch, the Phishing Filter has helped protect people from Web fraud and identity theft by blocking over 10 million attempts to visit known phishing sites at a current rate of over 1 million blocks a week.
Working Together Reliably and Securely
Microsoft noted that before anywhere-access can become a reality, systems, processes, programs and applications must be able to work together reliably and securely. Microsoft reiterated its commitment to working with governments, organizations and industry partners to create and implement industry-wide standards that enable greater interoperability. The company is already working with security and networking partners to help move toward this vision of anywhere-access:
Network Access Protection (NAP): A standards-based policy enforcement platform built into Windows Vista and Windows Server “Longhorn” that achieved interoperability architecture with Cisco Network Access Control and more than 100 industry partners in the ecosystem that have pledged to integrate with NAP.
Interop Vendor Alliance: Launched in November 2006, this global group of software and hardware vendors is working together to enhance interoperability through scenario-based testing, and by sharing information about interoperability solutions with customers.
SecureIT Alliance: Founded in October 2005, the SecureIT Alliance is a group of industry partners working together to develop security solutions for the Microsoft platform. The founding members range from well-established security providers such as Symantec Corp., McAfee Inc. and VeriSign to innovative startups such as Avoco Secure limited, Centrify Corp. and e-Security Inc.