Security Industry Should Be Optimistic: Microsoft Execs

Despite the changing threat landscape and all the security challenges we face today, there are many reasons for the security industry to be optimistic, a Microsoft executive said at the RSA Conference.

Yes, major organizations are being breached, cyber-criminals are becoming much more organized, and attackers are crafting more elaborate and sophisticated attacks. None of these challenges changes the fact that there have been big successes in the security industry in recent years, Scott Charney, corporate vice-president of Trustworthy Computing at Microsoft, said during his keynote speech on Tuesday. Improvements in identity systems, new delivery models, and operational security are signs that innovation is alive and well, Charney said.

Being optimistic about the state of security may be a sign of delusion, but Charney was adamant that recent industry and government advances have improved security and also created “the foundation for a more secure tomorrow.”

Building security protection right into hardware is something the industry has been discussing for a while, and thanks to some great strides in hardware, it is now reality, Charney said. Advancements such as Trusted Boot, UEFI, and early load anti-malware features help protect systems against rootkits and other malware. All these are elements in Windows 8. The industry has worked to “fundamentally reshape” security so that organizations can see things before they happen and solve them in advance, Charney said.

The Secure Software Development Lifecycle has helped bake security into all levels of Microsoft, and many other companies have also made investments in software security. There have been other secure coding programs, but Microsoft successfully scaled SDL across 36,000 engineers. And vendors and other types of organizations are beginning to demand in contracts that companies adopt secure development practices.

“When you see markets starting to demand secure development, you’ve reached an inflection point, and the future will look different,” he said.

The fact that the industry is looking at whitelisting, addressing ways to improve update rates, and moving towards “least privilege” are more examples of successes, Adrienne Hall, General Manager, Trustworthy Computing Group at Microsoft, told SecurityWeek. Updating was a basic problem—not enough people were doing it. It was still a hard problem, though, and the company tried several methods and worked hard to refine the process, to the point where a significant majority of users are now updating their software regularly, Hall said.

On the social and political level, security now has a more prominent space than in previous years. The president recently signed a cyber-security executive order that addresses information sharing and how to protect critical infrastructure. There are voluntary codes of conduct and national identity projects. There is interest in privacy issues on the government level. The move towards public-private partnership is critical, because security is a problem that requires input from all sides. If the industry is not part of the conversation, there can’t be progress, Hall said.

The industry has also matured in how it shares information, Hall said, adding there is a “pull in the common direction.”

Governments are increasingly collaborating on security issues and defining strategies to tackle security challenges. While some countries may disagree about the definition of cybercrime and cyberwarfare, at least the discussion is happening, Charney said.

There is still a lot to do. Microsoft is not suggesting there are no challenges left in security, Hall said. Some of the issues we are looking at are “conundrums,” but that just means it’s time to break them down into smaller pieces, look at what needs to be done, and tackle them one at a time, Hall said. If the industry has successfully met, to some degree, the previous challenges, then the prospects are bright that the current problems can be fixed, Hall said. That’s where the case for optimism comes in.

There is crime in the physical world, but “we aren’t going around being terrified,” Hall said. The cyber-realm isn’t that different. Or shouldn’t be.

“There’s a lot of serious stuff happening on the Internet. I’m not delusional,” but the industry and governments have made it possible to “fundamentally move into a more secure world,” Charney said.
