Microsoft: Let's talk about trust

Microsoft can't build the next generation of trusted computer systems on its own, the company's chief research and strategy officer said Tuesday.

Speaking at the RSA Conference, Craig Mundie called for industry dialogue in building a new generation of secure systems, an idea that the company is calling end-to-end trust.

[ For more coverage, see InfoWorld's special report on the RSA Conference 2008 ]

"This end-to-end trust proposal that we've put together is not a product road map, it’s a way of framing the problem," Mundie said. "All of these things that get to the questions of authentication, authorization, access, audit."

Microsoft believes that the technology industry needs to take a more integrated approach to building computer systems that let people establish trust and disclose private information in the same way as in the "real" world. From devices with hardware-based authentication to operating systems and programs that can talk to other programs about their own trustworthiness to ways of keeping track of where data has been, there are many challenges ahead, Mundie said.

In an earlier keynote address, Art Coviello, executive vice president of EMC's RSA division, said that security systems have a long way to go before they are intuitive. "Existing security technology ... abounds with failures," he said. "Tools that aren't even close to behaving the way that people think."

He called for a "thinking security ecosystem that works across all components of the infrastructure."

Microsoft will need industry cooperation to work out what protocols and formats they'll need to create these end-to-end trust systems, and what kinds of regulations make sense. "We need a lot of work; we can't just do this by ourselves," Mundie said.

The company will also need to prove that it is still relevant in a world where the most popular applications are increasingly online and where rivals such as Google are looking at how to solve these very same problems.

Microsoft unveiled its end-to-end trust idea during a session conducted as an interview between Mundie and Christopher Leach, senior vice president and chief information security officer at Affiliated Computer Services, a business outsourcing company.

Interoperability is key to make the end-to-end trust idea work, Leach said.

Mundie agreed. "Ultimately we need collaboration with the other people who are building some parts of the products in the system," he said. "People are going to have heterogeneous systems."