Microsoft: Smarter IDs needed for Net gains

Microsoft's chief security strategists are asking for help.

The massive software vendor is working harder than ever to do its part to improve online security, but the company cannot solve all the electronic world's ills alone and must have broader support from across the IT and Internet communities to speed up progress, Microsoft officials said at the ongoing RSA Conference 2008 in San Francisco.

[ For more coverage, see InfoWorld's special report on the RSA Conference 2008 ]

Despite the fact that Microsoft and other mainstream technology vendors have made a concerted effort to improve the quality of their products and services -- over the last several years, in particular -- to respond to the Internet's blossoming security epidemic, today's problems are too widespread and fast-moving to be addressed unless new industry standards and technological vehicles can be created to help foster stronger online protection, executives with the company said.

Only by driving industry collaboration around issues of online authentication and identity protection can the Web be made a place where people can again trust the systems and services they seek to use with any level of confidence, said Scott Charney, corporate vice president of Trustworthy Computing at Microsoft.

Just as Microsoft has utilized its Trustworthy Computing initiative in an effort to reduce the number of vulnerabilities in its products and integrate stronger security tools into its software and online services, the Internet community at large needs to readdress authentication and identity if it hopes to regain users' faith, Charney said.

The executive has also authored a 20-page white paper manifesto outlining Microsoft's hopes for broader collaboration around online security and trust. The company's chief research and strategy officer, Craig Mundie, outlined the vision further in his RSA keynote address on Tuesday.

"For a long time, the industry didn't do security well, and because of its market share, Microsoft became a very important player in all of this," said Charney. "We think that we've done a good job of improving things over the last six years, but still it's not enough, and we need industry cooperation to do more in the Internet space."

Charney's paper and Mundie's speech express the need for a vision of "end-to-end trust" to be embraced among many different technological and social constituencies to aid in everything from helping companies do business faster and more securely online, to better protecting children who access the Web.

Technology vendors, service providers, industry bodies, and government agencies must team to create methods by which people can communicate online with assurance about each others' identities while preserving important issues of privacy and anonymity, the experts said.