Microsoft is detailing several of their security initiatives at the RSA Conference in San Francisco this week, including a new strategy for enterprise security (dubbed Business Ready Security) and a revamped vision of how Microsoft can contribute to making Internet access and usage even more secure, which Microsoft calls End to End Trust. This vision is based on a document written by Scott Charney, Microsoft corporate vice president of Trustworthy Computing, that was introduced at RSA 2008. (Read a transcript of Scott Charney's RSA 2009 keynote here.)
According to Doug Leland, general manager of Microsoft’s Identity and Security Business Group, the Business Ready Security strategy involves three primary focus areas: providing protection across the breadth of the enterprise and giving users the appropriate level of access based on their identity; helping make compliance and security management easier for IT pros; and extending security not only across Microsoft products, but also improving interoperability and security athroughout the enterprise with other platforms and operating systems.
By itself, Business Ready Security provides a strategic outline of Microsoft's enterprise security efforts, but additional benefits are realized when that strategy is coming with Microsoft's End to End Trust initiative. Leland's Identity and Security Business Group is comprised of formerly disparate enterprise efforts in identity and security, but were recently merged under the "better together" mantra. That collaborative approach works well with Business Ready Security and End to End Trust, an idea that Leland elaborated on in a post earlier this week on the Microsoft Forefront Team Blog:
As the RSA Conference starts this week, I wanted to take the opportunity to explain how Business Ready Security connects to End to End Trust.
The first piece of End to End Trust is security and privacy fundamentals – such as implementing the Security Development Lifecycle (SDL), employing defense in depth and providing threat mitigation. Business Ready Security ties to this closely, because our identity and security solutions provide data for - and are strengthened by - our security research and response, such as the recent Security Intelligence Report and the Microsoft Malware Protection Center. They are also built with the SDL.
The second piece of End to End Trust is the creation of a trusted stack where security is rooted in hardware and where each element in the stack (hardware, software, data and people) can be authenticated in appropriate circumstances. People want to establish the “trustworthiness” of devices and systems, and the connections they make to them. This is where Business Ready Security and our technology innovations are most closely connected to the vision, with our current and future Forefront solutions, for example.
The third piece involves managing the claims relating to identity attributes. Supporting this is "Microsoft" Geneva, a new set of technologies that make it dramatically easier for companies to build secure access into software and services.
Note: Windows IT Pro will be covering RSA most of this week, so check for updates on the latest security news and products by visiting the Windows IT Pro website and our Twitter.com/jeffjames3 and Twitter.com/windowsitpro Twitter feeds.