Hello everyone! Yes, it's been a while since I've written. I've been pretty busy lately with a security roadshow in Southeast Asia. It's become an annual thing, it's a lot of fun, and I get to spend a good amount of time in what's becoming my favorite area of the world.
Anyway, the planning for TechEd 2007 is well underway. This year I have five presentations (SEC 303 is repeated), I've put the abstracts below. I'll sign up for TechEd Connect soon, the hosters are working to fix a problem with my ID. And during the event, as usual, when I'm not speaking I'll hang out in the exhibition or cabana area. My time that week is your time, so don't be afraid to sit down and have a chat. It's one of the highlights of the event for me.
SEC203 Making the Tradeoff: Be Secure or Get Work Done
Are you the kind of security person who enables a setting just because it's there? Do your users constantly seek ways to bypass all your fine-tuned security, just so they can do their jobs? Every security decision your organization makes ought to consider the security-usability (or even the security-usability-cost) tradeoff. While perfect security seems an admirable goal, in reality we must remember that usability often will trump our strongest desires. If people can't get work done, they'll either circumvent the security (without understanding they just created new attack vectors) or your company will simply lose out to your competitors. Steve Riley discusses several examples of real-world tradeoffs and helps you learn how to navigate the tradeoff in your own organization.
SEC301 The fortified data center in your future: Build it now and they will come
Relax for a moment. Let your mind wander to thoughts of your corporate network—with its myriad authentication schemes, its haphazard collection of client computers in various states of (non)conformance, its proliferation of access methods, its data centers with too many ways in and out. Feel like you want to just burn it all down and start over? Well, perhaps you should—and when you do, you can implement something that’s simpler, more secure, well managed, and less expensive. Over the years, Steve Riley has hinted at this idea, advocating the demise of the traditional corporate network, with its no longer useful distinction between “inside” and “outside.” Instead, organizations should move toward using the Internet as their infrastructure, where all clients and a physically and electronically fortified data center live “live on the ‘net.” The question, then, is how to build this data center? Effective security and management are absolutely essential to realize this vision. Steve will show how combining the Microsoft ForeFront family of security products with the System Center family of management solutions provides the necessary foundation for building your data center of the future—today. Don’t delay, because your business competitors are already doing it!
SEC303 It's 11:00 P.M., Do You Know Where Your Data Is?
Long gone are the days when you knew your data was safe because it resided only in your data center. The explosive proliferation of laptops, notebooks, handheld computers, smartphones, removable drives, and Internet file storage demands that we rethink how we protect information. Because it's the information the bad guys are after, and because the information flows so freely from device to device, our obligation is to protect the information. People want to work wherever they can find a computer and an Internet connection. How can you do this safely? Steve Riley considers strategies and explore technologies to help you solve a number of thorny problems: how to classify mobile data, how to keep track of where it is, and how to control its movement. We explore the new Data Encryption Toolkit for Mobile PCs, technical guidance and deployment tools that help you plan and implement EFS and BitLocker throughout your enterprise, with lower cost and extended centralized management and control. One question we will ponder: maybe it's time to do away with the locked-down desktop?
MBL409 Microsoft Windows Mobile 6 Security In-Depth
Seems like Windows Mobile 5 came out just the other day, but yes, version 6 is now ready. We listened to your feedback and incorporated several enhancements and new capabilities to make Windows Mobile 6 truly enterprise ready. We take an in-depth look at how Windows Mobile now supports Rights Management Services (enabling you to work with protected Office documents), a new certificate enrollment process, encryption of storage card contents, and more. We also review existing security features that are important for enterprises to understand and implement. Join Steve Riley as he shows you how Windows Mobile 6 can become your trusted platform for secure mobile access to corporate information.