IT Security

Microsoft Proposes Cross-Industry Effort To Address Online Trust Challenge

• By Dian Schaffhauser
• 04/10/08

Microsoft Corp. this week initiated a call for action to address the future of security and privacy on the Internet. In a speech by Chief Research and Strategy Officer Craig Mundie, the company proposed "End to End Trust," a pitch for organizations, including vendors and user organizations, to work together to create a more secure and trusted online environment.

The initiative encompasses three aspects:

• Creation of a trusted stack where each element in the stack can be authenticated and is trustworthy, including the hardware, operating system, applications, people, and data;
• A system that enables people to present their identity claims while addressing issues of authentication, authorization, access, and audit; and
• A framework for achieving closer alignment between technological, social, political and economic forces.

"Our goal is a more secure and trustworthy Internet, but it's also important that we give people the tools that empower them to make good trust choices," Mundie said.

"Microsoft and the technology industry alone cannot create a trusted online experience," said Scott Charney, corporate vice president of Trustworthy Computing at Microsoft. "For that to happen, the industry must not only come together but also work with customers, partners, governments and other key constituencies on a road map for extending Trustworthy Computing to the Internet."

As a Microsoft whitepaper points out, even though vendors have introduced a number of security efforts in their software, "Spam does not normally exploit vulnerabilities, nor would one turn off mail by default. There is also very little a specific user or enterprise can do to prevent a distributed denial-of-service attack from a botnet."

"Making trust decisions based on a validated level of security and in support of desired privacy is a pressing concern for organizations and consumers," said Kurt Roemer, chief security strategist for Citrix Systems. "It's time for a global collaborative effort to define and support an actionable end-to-end trust model that can help balance the often competing interests of privacy and security."