Bill Gates underscores some of the biggest challenges in enterprise security.
"Security should be based on policy not topology"
h/t Mark O'Neill, reporting live from RSA; this article summarizes Gates's speech:
Programmers build bigger moats and thicker fortress walls -- but they don't bother to protect the corporate crown jewels when members of their fiefdom exit the castle and leave the drawbridge open.
"We used to think of the data center as a glass house that was very isolated," Gates said. "But if we look (at) what actually goes on -- consultants come into your company, employees who are not onsite need full access -- we cannot think of that glass house as the way to define what can connect to what. We need a far more powerful paradigm."
Sorry, folks. Network firewalls that create perimeters that exist only on a whiteboard, not in reality, and are "protected" by SSL don't cut it anymore.
I am hopeful that Microsoft's competitors like Sun, Oracle, IBM, and open source projects will put aside their NIH and learn from the excellent work on security and identity coming out of Redmond. The Microsoft security architecture is far from perfect, but they have made some very creative and practical improvements.