This article can also be found in the Premium Editorial Download "Storage magazine: Tips for lowering the cost of storage support contracts."
The storage industry should learn from Microsoft
Storage professionals and vendors could learn a lot about embracing security from an unlikely source: Microsoft. Back in the late '90s, there was nothing but bad blood between the security community and Microsoft, so much so that Windows became the go-to target of the computer underground. Viruses and worms like the Melissa virus (1999), Code Red (2001), Nimda (2001) and SQL Slammer (2002) were wreaking havoc on Windows, Outlook, Exchange, IIS and SQL Server. Something had to be done.
Most people attribute the turnaround in Redmond to Bill Gates' January 2002 email describing the need for Trustworthy Computing, but security was already turning the corner at Microsoft. Security tiger teams worked with product groups to help them with secure code design, development and testing, a process later formalized as the Security Development Lifecycle (SDL). Today, every new product must go through the SDL process. SQL Server 2005 was the first product to pass the SDL hurdle and it shows. The number of post-development security vulnerabilities is considerably lower than in previous versions. The new desktop OS, Windows Vista, also went through SDL.
Microsoft added security to a number of internal processes. It changed the way it responds to software vulnerabilities by tightening processes, fixing all problems for all software once per month and reaching out to customers with proactive communications. Microsoft
Microsoft achieved a complete turnaround on security between 2001 and 2007. Its development and support models are now highly regarded in the security community, and its security products are gaining share and becoming market leaders.
This was first published in May 2007