End to End Trust and Business Ready Security

I’m Doug Leland, general manager of the Identity and Security Business Group here at Microsoft. On Thursday we unveiled our new strategy for enterprise security, called Business Ready Security, a fundamentally new approach to help companies achieve their business goals while managing risk and empowering their people.

As many know, Microsoft also has a broad vision for a safer, more trusted Internet, called “End to End Trust.” As the RSA Conference starts this week, I wanted to take the opportunity to explain how Business Ready Security connects to End to End Trust.

The first piece of End to End Trust is security and privacy fundamentals – such as implementing the Security Development Lifecycle (SDL), employing defense in depth and providing threat mitigation. Business Ready Security ties to this closely, because our identity and security solutions provide data for - and are strengthened by - our security research and response, such as the recent Security Intelligence Report and the Microsoft Malware Protection Center. They are also built with the SDL.

The second piece of End to End Trust is the creation of a trusted stack where security is rooted in hardware and where each element in the stack (hardware, software, data and people) can be authenticated in appropriate circumstances. People want to establish the “trustworthiness” of devices and systems, and the connections they make to them. This is where Business Ready Security and our technology innovations are most closely connected to the vision, with our current and future Forefront solutions, for example.

The third piece involves managing the claims relating to identity attributes. Supporting this is "Microsoft" Geneva, a new set of technologies that make it dramatically easier for companies to build secure access into software and services.

Finally, End to End Trust is about enabling a good alignment of technological, social, political and economic forces so that we make real change.   A core element of Business Ready Security is working with a wide variety of partners. We have a strategic partnership with RSA, for example, and last week announced 10 companies committed to interoperability with our upcoming Forefront “Stirling” suite. We have helped to pioneer frameworks such as the Identity Metasystem and work with a number of standard bodies, including the OpenID Foundation.

I hope this is helpful information. Let us know if you have questions or comments. Thanks – see you at RSA.

Doug