Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners

Our Panelists

KEN TYMINSKI

CISO Prudential Financial of America

JOSEPH COOPER, CISSP

Chairman & CEO Digital Defense

JONATHAN PERERA

Senior Director of Product Management Microsoft’s Security & Technology Unit

Microsoft’s Beginnings

Gates’ Mandate

“Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.”

--Bill Gates, January 17, 2002

Trustworthy Milestones 2002

Retrained 11,000 developers and engineers

Revamped MSRC

Retrofitted XP (SP1) and Win2K (SP4)

Released MBSA

Replaced the compiler in Win2003

Released Win2003 with services off by default

Changed philosophy on shipping products

Trustworthy Milestones 2003

Released SQL Server 2000 SP3

Improved Exchange 2003 & Office 2003

Changed vulnerability announcements

Launched ISA 2000 FP1

Released patching tools

Acquired AV company, formed alliance

Trustworthy Ambitions

Windows XP (beta; due summer ’04)

Integrating WUS with Windows, other apps

Active defenses, synergistic strategy

Substantially more secure OSes & apps: Yukon (SQL), 2005; Longhorn (Windows), 2006

Trustworthy Ambitions

End goal: 2014 or longer

Microsoft is doing enough to improve its software security.

Strongly Disagree 40%

Somewhat Disagree 30%

Strongly Agree 2%

Somewhat Agree 18%

Will Trustworthy Computing eventually make a difference?

[Bar chart: "Yes", "No" and "Don't Know" responses, 2002 vs. 2003; axis from 0 to 60]

Redmond’s Assessment

“I think we have made a good start in the last two years, and I believe we will have made enormous progress 10 years from now.”

STEVE BALLMER

CEO, Microsoft

Is Microsoft doing enough to improve the security of its products?

Is it on the right track?

Patching

Patching Windows Is Best Characterized As:

Unavoidable 46%

An Overblown Problem 5%

Onerous 48%

Microsoft Is Doing Enough To Ease The Patching Problem.

Strongly Disagree 28%

Somewhat Disagree 33%

Strongly Agree 3%

Somewhat Agree 20%

Is the Windows patching problem getting better?

Synergistic Security

“There’s no one thing that’s going to solve this. Mitigation is part of it.”

MIKE NASH

Corporate VP, Microsoft SBU

Will Microsoft’s synergistic security strategy lead to better overall security for Windows and its other applications?

What does Microsoft need to do to win and retain the confidence of its enterprise customers?

Users Respond