There should be some empathy for those IT vendors tasked with developing products that aim to protect and manage the infrastructures upon which businesses are built and livelihoods depend.
That thought occurred to me while reading a report detailing a keynote speech given by Bill Gates last month at the annual RSA Security Conference in San Jose.
Microsoft’s “chief software architect” talked of his firm’s work around Identity Metasystems, which he describes as platform-independent architectures for sharing data between users and Web sites.
Gates spoke of support for domain and directory services, access control and single sign-on, of federated identity and of information rights protection and auditing, among other things.
It’s important and groundbreaking work, to be sure, yet all that Microsoft and any number of other IT infrastructure-focused companies seem to hear in response from the industry is a collective, “Why is security still such a damn pain to manage and what can’t it be made simpler?”
Skepticism and user indifference are costs of doing business in the IT security space, and ones that Microsoft and every other security vendor appear willing to pay to be in this lucrative market.
The perpetual drone of “what-have-you-done-for-me-lately?” in the security market is, however, being interrupted by encouraging words in the form of Microsoft’s upcoming Vista release.
Officially slated for a debut sometime in the second half of this calendar year, early reports from beta testers indicate that there are a good number of security improvements worth getting excited about.
One of the most anticipated features is User Account Control, which promises to make it tougher for non-administrators to get into programs that they aren’t supposed to be muddling around in.
Such lax entry requirements into the virtual administrative corridors have made it easier in the past for miscreants to get in to do their dirty work and bring systems down with malware.
Beta testers are also hopeful that the inclusion of Microsoft’s AntiSpyware software in Vista will provide an effective barrier to malware getting in and doing the damage it has in the past.
Other expected improvements to be included in Vista focus on providing greater visibility into the network, more detailed permission profiles for users, and the ability to patch and reboot without shutting down running applications. These are succeeding in raising the hopes of security types everywhere.
All that’s needed now is for Microsoft to meet its Vista release date and the critics will be placated…at least for a little while.