Trustworthy Computing Next: Building Trust in a Connected World

From the beginning, Trustworthy Computing’s mission was billed as a long-term journey. As Microsoft marked the 10-year milestone of TwC last month, we also looked forward and recognized that evolving IT models and societal changes have made the relentless pursuit of TwC more important than ever. Today at the RSA Conference 2012, I’m providing my vision for Trustworthy Computing Next within a keynote and sharing a new white paper.

There are three major forces of change. First, with a proliferation of devices, services, and sensors, people are excited about the potential of the cloud and big data. Organizations in both the public and private sectors are racing to provide computer users new features and capabilities. Big data unlocks enormous potential, from more effective health care to better business analytics. And while big data may also provide new insights into the reliability and security of our IT ecosystem, the uses of big data will also raise important privacy questions, particularly as we seek to balance the potential benefits of big data with the risks to both society and the individual.

Second, as our dependency on IT has grown, governments have become increasingly active in Internet affairs. Governments, of course, have multiple roles to play: they are a user of IT (governments are, after all, large enterprises), a protector (of both the rights of Internet users and the Internet itself), and an exploiter (concerns about military espionage and cyber warfare are now frequently expressed). Making these issues more challenging is that, in many countries, the private sector owns most of the critical infrastructure.

Finally, the threat landscape continues to evolve. Opportunistic threats have been supplemented by attacks that are more persistent and determined. While some of these attacks have been labeled “Advanced Persistent Threats,” that term is often a misnomer. Some are advanced, but many are not; attack vectors are often traditional and unsophisticated. What marks these attacks is that the adversary is willing to work overtime and is firmly resolved to succeed. This is naturally worrisome for those dependent on information technology.

In this new world, each and every machine, application, data or person may be helpful or harmful, innocuous or dangerous. The Web we live in today is no longer about bilateral relationships; we are connected in new ways where an individual and an organization may have no direct relationship at all, even as they share data or take on IT dependencies. With a lack of transparency into these relationships, dependencies, and data flows, it can be hard to make intelligent trust decisions.

Recognizing these challenges, each pillar of TwC must evolve. In security, we must adopt a more holistic security strategy that encompasses prevention, detection, containment, and recovery. In privacy, we must understand what it means to live in a highly connected, device-laden and data-rich world, and craft fair information principles that serve the twin goals of unlocking the power of big data while protecting privacy effectively.

In reliability, we need to leverage engineering intelligence and pursue recovery-oriented computing, creating products and services that respond with agility when things fail and that help ensure the reliability of devices and services notwithstanding the complexity, interconnectedness and dependencies that now exist in our information systems. Finally, by being open and transparent in our business practices, we can engender the trust of those dependent on information technology.

In sum, the mission defined by Bill Gates 10 years ago remains as vital and important as ever.

Posted by Scott Charney
Corporate Vice President, Trustworthy Computing, Microsoft