Home > Storage Magazine > Columns > Hot Spots: Time to learn from Microsoft's mistakes
EMAIL THIS LICENSING & REPRINTS
Storage Magazine

  CURRENT ISSUE  
  FEATURES  
  TOOLS, TRENDS & ANALYSIS  
  COLUMNS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Hot Spots: Time to learn from Microsoft's mistakes
by Jon Oltsik
Issue: May 2007
printer-friendly
licensing & reprints
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   NEXT PAGE  >

The storage industry should learn from Microsoft
Storage professionals and vendors could learn a lot about embracing security from an unlikely source: Microsoft. Back in the late '90s, there was nothing but bad blood between the security community and Microsoft, so much so that Windows became the go-to target of the computer underground. Viruses and worms like the Melissa virus (1999), Code Red (2001), Nimda (2001) and SQL Slammer (2002) were wreaking havoc on Windows, Outlook, Exchange, IIS and SQL Server. Something had to be done.

Most people attribute the turnaround in Redmond to Bill Gates' January 2002 email describing the need for Trustworthy Computing, but security was already turning the corner at Microsoft. Security tiger teams worked with product groups to help them with secure code design, development and testing, a process later formalized as the Security Development Lifecycle (SDL). Today, every new product must go through the SDL process. SQL Server 2005 was the first product to pass the SDL hurdle and it shows. The number of post-development security vulnerabilities is considerably lower than in previous versions. The new desktop OS, Windows Vista, also went through SDL.

Microsoft added security to a number of internal processes. It changed the way it responds to software vulnerabilities by tightening processes, fixing all problems for all software once per month and reaching out to customers with proactive communications. Microsoft also became more serious about its own security tools and technologies. The company enhanced homegrown technologies like its Internet Security and Acceleration (ISA) Server, Microsoft Operations Manager (MOM) and Active Directory (AD) while it went on a buying spree, scooping up security vendors such as Giant Company Software (anti-spyware), Sybari Software (email security) and Whale Communications (SSL VPN).

Microsoft achieved a complete turnaround on security between 2001 and 2007. Its development and support models are now highly regarded in the security community, and its security products are gaining share and becoming market leaders.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   NEXT PAGE  >





TechTarget Storage Media
Storage Magazine View this month\\'s issue and subscribe today.
Storage Decisions Apply online for free conference admission.
SearchStorage.com
HomeNewsMagazineTopicsLearningMultimediaWhite PapersBlogsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2000 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts