trustworthy yet? an examination of microsoft’s trustworthy computing initiative, and what it means...
TRANSCRIPT
![Page 1: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/1.jpg)
Trustworthy Yet?
An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security
practitioners
![Page 2: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/2.jpg)
Our Panelists
![Page 3: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/3.jpg)
KEN TYMINSKI
CISO Prudential Financial of America
![Page 4: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/4.jpg)
JOSEPH COOPER, CISSP
Chairman & CEO Digital Defense
![Page 5: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/5.jpg)
JONATHAN PERERA
Senior Director of Product Management Microsoft’s Security & Technology Unit
![Page 6: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/6.jpg)
Microsoft’s Beginnings
![Page 7: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/7.jpg)
Gates’ Mandate
“Trustworthy Computing is computing that is as available, reliable and secure as electricity, water services and telephony.”
--Bill Gates, January 17, 2002
![Page 8: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/8.jpg)
Trustworthy Milestones 2002
Retrained 11,000 developers and engineers
Revamped MSRC
Retrofitted XP (SP1) and Win2K (SP4)
Released MBSA
Replaced the complier in Win2003
Released Win2003 with services off by default
Changed philosophy on shipping products
![Page 9: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/9.jpg)
Trustworthy Milestones 2003
Released SQL Server 2000 SP3
Improved Exchange 2003 & Office 2003
Changed vulnerability announcements
Launched ISA 2000 FP1
Released patching tools
Acquired AV company, formed alliance
![Page 10: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/10.jpg)
Trustworthy Ambitions
Windows XP (beta; due summer ’04)
Integrating WUS with Windows, other apps
Active defenses, synergistic strategy
Substantial more secure OSes & apps: Yukon (SQL), 2005; Longhorn (Windows), 2006
![Page 11: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/11.jpg)
=
Trustworthy Ambitions
End goal: 2014 or longer
![Page 12: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/12.jpg)
Microsoft is doing enough to improve its software security.
Strongly Disagree 40%
Somewhat Disagree30%
Strongly Agree 2%
Somewhat Agree 18%
![Page 13: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/13.jpg)
Will Trustworthy Computing eventually make a difference?
0 20 40 60
Don'tKnow
No
Yes
20032002
![Page 14: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/14.jpg)
Redmond’s Assessment
“I think we have made a good start in the last two years, and I believe we will have made enormous progress 10 years from now.”
STEVE BALLMER
CEO, Microsoft
![Page 15: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/15.jpg)
Is Microsoft doing enough to improve the security
of its products?
Is it on the right track?
![Page 16: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/16.jpg)
Patching
![Page 17: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/17.jpg)
Patching Windows Is Best Characterized As:
Unavoidable46%
An Overblown Problem
5%
Onerous 48%
![Page 18: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/18.jpg)
Microsoft Is Doing Enough To Ease The Patching Problem.
Strongly Disagree28%
Somewhat Disagree33%
Strongly Agree 3%
Somewhat Agree 20%
![Page 19: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/19.jpg)
Is the Windows patching problem getting better?
![Page 20: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/20.jpg)
Synergistic Security
“There’s no one thing that’s going to solve this. Mitigation is part of it.”
MIKE NASH
Corporate VP, Microsoft SBU
![Page 21: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/21.jpg)
Will Microsoft’s synergistic security strategy lead to better overall security for
Windows and its other applications?
![Page 22: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/22.jpg)
What does Microsoft need to do to win and retain
the confidence of its enterprise customers?
![Page 23: Trustworthy Yet? An examination of Microsoft’s Trustworthy Computing initiative, and what it means to enterprise security practitioners](https://reader035.vdocument.in/reader035/viewer/2022070414/5697bffc1a28abf838cc1c5b/html5/thumbnails/23.jpg)
Users Respond