Microsoft Security Strategist Awards

Committed to security

Data is distinguished on the basis of the information that it provides, and Microsoft believes that ensuring its protection is vital.

Sanjiv Mathur

Data, data everywhere! But what distinguishes this data is the information content that it provides. The biggest challenge for every company, undoubtedly, is the protection of this vital information which would ultimately help it make the right strategic decision. The way things are looking at present, it seems that the BFSI and the IT / ITeS industries have been the early implementers of sophisticated security tools. Vendors like Microsoft are only too happy that companies value security to the extent that they do.

In the recently-held Technology Senate held by the Indian Express group, Microsoft’s commitment to security came out loud and clear. “We consider security to be a big deal,” said Sanjiv Mathur, Director, Enterprise Marketing, Microsoft India. Mathur was of the opinion that the information technology business has provided Microsoft withvarious opportunities, and every opportunity brings with it a set of security issues that have been challenging.

Initially, computing was personal. “You used a PC to do a few things that helped enhance your productivity. PCs were seldom networked and people used simpler applications,” he recalled. During that period, data transfer between PCs would happen only by means of a floppy. Malware would be transported from one computer to another only if one used such means to exchange data with an infected PC.

However, this threat of unauthorised information access evolved over the next few years to a point where now, with the advent of mobile computing, attacks have become more sophisticated and PCs more vulnerable. Microsoft warns users about issues like peer to peer networking and social engineering. This it feels is likely to contribute to increased threats in the future. Microsoft has also been able to identify security challenges in areas such as regulatory compliance. Another significant challenge is identity management and access control. “The question is, how do you keep the bad guys out and let the good guys in,” said Mathur. He also touched upon how concentrating on just perimeter security would not help anymore.

According to Mathur, Microsoft does not see security as a technology problem. “It is about people and processes,” said Mathur. He however, continued to explicitly hint at Microsoft’s commitment to security. “The challenge is to build fundamentally secure platforms,” added Mathur.

He spoke of a trust ecosystem that would help customers feel safe with Microsoft. The key components of this ecosystem, he said, consist of people code, devices and finally organisations.

Currently, the company is working on areas such as x64 driver signing, x64 kernel patch protection, and Windows Defender. “We want to control who’s authorised to modify the Windows kernel. Good guys can enter while bad guys are prevented from doing this,” said Mathur. He also spoke of User Access Control (UAC), a new security feature that has been introduced with Windows Vista. “No user can be a super user. In the UAC model you escalate user or application privileges as and when required,” explained Mathur.

What came out from the presentation was the fact that Microsoft is deeply concerned about security. Be it perimeter security or securing every single component of the entire corporate ecosystem, Microsoft came across as Mr Dependable.