“When organizations evaluate a technology and determine whether or not they trust it, what core factors are they considering?” Nearly ten years ago, a group of people at Microsoft discussed this question as they worked with a small set of customers to unearth the answer. The result was the Trustworthy Computing whitepaper, and the creation of Trustworthy Computing (TwC) in 2002 as a company initiative, and later a company tenet. Tasked with building new approaches to creating and delivering secure, private and reliable computing experiences for everyone, at the time the new mandate of TwC gave us an actionable way to bring together work that was already occurring across the company, yet apply even more systemic focus. Now, almost ten years later, we’re encouraged by the continued focus both inside and outside Microsoft. Yet, our work and that of the IT industry at large is far from over; many challenges and opportunities lay ahead.
If we take a look at what’s going on with information technology today, a variety of factors are affecting individuals, governments and businesses of all shapes and sizes as they consider the degrees to which they trust the technology they use. There are many lists on this subject; here are the factors I think most relevant:
- the globalization of the internet;
- a proliferation of devices and applications;
- hyper-powered users connected all the time;
- an increasing number of valuable targets for criminal activity;
- a growing reliance by governments, critical infrastructures, and citizens for systems core to the functioning of societies;
- the heightened level and sophistication of security and privacy threats;
- the increasing numbers of people and organizations depending on off-premise services (a.k.a. “cloud computing”).
There are a lot of hard and multifaceted problems to tackle.
Generating solutions to these problems requires a similarly multifaceted approach. Ultimately, the challenge for those employees working in the TwC group, the organizations and associations with whom we partner, and our customers, is to stay ahead of the curve. This involves leveraging the best of what has been done to date (e.g. the Microsoft Privacy Standard for Development, the Security Development Lifecycle), understanding the new threats and opportunities for progress, continuing to explore new ways to develop innovative ideas (e.g. BlueHat Prize) and engaging in dialogue across both public and private sectors, towards potential solutions.
I’m Adrienne Hall, general manager, Trustworthy Computing, and I’m excited to kick-off this TwC blog as a way to provide our perspective on a variety of topics and as a forum for discussion. The group I’m in lives and breathes the security, privacy and reliability of Microsoft offerings every day. We look forward to hearing from you in coming weeks as my colleagues and I will be sharing our perspectives on a number of fronts.
Check back with us soon. You can also subscribe via a RSS Feed.