Microsoft may partner for security with Hailstorm

Microsoft Corp. CEO Steve Ballmer said last Thursday that Microsoft will rely on third-party security companies to build and support features in Hailstorm, the company’s set of services that will be included in Windows XP and become the key building blocks for its .Net initiative.

Taking questions from IT managers and executives during a presentation at InfoWorld’s CTO Forum here, Ballmer was approached with questions about the level of security that will be rolled into Microsoft’s new platform for delivering Web services and applications. He said Microsoft would likely ease security concerns by taking a “federated approach,” where Microsoft governs corporate partners that can help ensure that corporate and personal data is not compromised.

“We do need partners who will provide value added security services,” he said, describing Microsoft’s role in Hailstorm as a middleman. “You will see us partner with third parties.”

A representative from the U.S. Air Force Research Lab sparked the issue, drilling Ballmer with questions about why companies and organizations should trust Microsoft with all of the data that it would collect from customers who make use of Hailstorm.

The service includes Passport, an authentication system that will sign users on to applications and services running on .Net, notification and collaboration tools. Passport is included in the upcoming version of Microsoft’s operating system, Windows XP, which will be released on Oct. 25.

“More people trust us with their personal information every day than any other company in the world,” Ballmer answered, noting that millions of customers who use the company’s free e-mail service Hotmail store personal information with Microsoft.

Audience members also asked Ballmer if Microsoft had considered spinning Hailstorm off into a separate entity that could be ruled by a more trusted body. In short, Ballmer said “no.”

“We will take a federated approach where we’re not in the middle of Passport issuances,” he said. Microsoft may also allow companies to hand out their own Passport authentication services internally.

In addition to third-party security support, Ballmer said Microsoft is also working on a way to make its Active Directory product, included in its Windows Server, another point in the network to house security services. He did not go into detail about how the company would do that.

“I think the combination of those things will go a long way to give people the tools they need to be secure,” he said.

Microsoft, in Redmond, Wash., can be reached at