Feature

Hot Spots: Time to learn from Microsoft's mistakes

Ezine

This article can also be found in the Premium Editorial Download "Storage magazine: Tips for lowering the cost of storage support contracts."

Download it now to read this article plus other related content.

The storage industry should learn from Microsoft
Storage professionals and vendors could learn a lot about embracing security from an unlikely source: Microsoft. Back in the late '90s, there was nothing but bad blood between the security community and Microsoft, so much so that Windows became the go-to target of the computer underground. Viruses and worms like the Melissa virus (1999), Code Red (2001), Nimda (2001) and SQL Slammer (2002) were wreaking havoc on Windows, Outlook, Exchange, IIS and SQL Server. Something had to be done.

Most people attribute the turnaround in Redmond to Bill Gates' January 2002 email describing the need for Trustworthy Computing, but security was already turning the corner at Microsoft. Security tiger teams worked with product groups to help them with secure code design, development and testing, a process later formalized as the Security Development Lifecycle (SDL). Today, every new product must go through the SDL process. SQL Server 2005 was the first product to pass the SDL hurdle and it shows. The number of post-development security vulnerabilities is considerably lower than in previous versions. The new desktop OS, Windows Vista, also went through SDL.

Microsoft added security to a number of internal processes. It changed the way it responds to software vulnerabilities by tightening processes, fixing all problems for all software once per month and reaching out to customers with proactive communications. Microsoft

Requires Free Membership to View

also became more serious about its own security tools and technologies. The company enhanced homegrown technologies like its Internet Security and Acceleration (ISA) Server, Microsoft Operations Manager (MOM) and Active Directory (AD) while it went on a buying spree, scooping up security vendors such as Giant Company Software (anti-spyware), Sybari Software (email security) and Whale Communications (SSL VPN).

Microsoft achieved a complete turnaround on security between 2001 and 2007. Its development and support models are now highly regarded in the security community, and its security products are gaining share and becoming market leaders.

This was first published in May 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: