Microsoft touts 'end-to-end' security

Microsoft touts 'end-to-end' security


Company seeks to expand protections and develop web IDs

Microsoft has kicked off a new security campaign known as 'end-to-end' security.

The concept was discussed in depth on Tuesday at the RSA conference by Craig Mundie, Microsoft's chief research and strategy officer. The programme builds on the 'Trustworthy Computing' initiative Microsoft launched in 2001 that has guided the development of such products as Office 2007 and Windows Vista.

Mundie explained that the end-to-end philosophy has two major goals: one of which is to develop a 'full-stack' security program in which the hardware, software, data files, and user are all covered by a single security product.

"We look at the next requirement being a trusted stack of software," said Mundie.

"You can't look at any one piece."

Mundie also sounded the call for the development of an online ID system in which user information can be quickly checked and verified by a site. Mundie likened the system to a 'driver's licence' for the web.

"There is a physical token that people use to present certain types of credentials," said Mundie.

"And we want to recreate that on the web."

Affiliated Computer Services chief information security officer Chris Leach appeared on stage with Mundie, and bristled a bit at the concept of an ID for each user. Leach noted that in some situations, users will require privacy, prompting the development of small 'islands of anonymity' on the web.

Mundie conceded Leach's point, suggesting that, ultimately, a compromise will be formed on the matter.

"Much as in the physical world, we will come to understand that there are certain places where you are not expected to have to be identified," he said.