Gates: Simplify security

SAN JOSE, CALIF. – Software companies must make it easier for everyone to use the security features in software, Microsoft’s founder and chief software architect said today.

“If there’s an area where we absolutely have to do better, it’s this,” Bill Gates said at the RSA Conference 2006. The current situation for users, IT managers and software developers is too complex, he said.

Security must be something that users can trust companies to provide, Gates said. Software providers must make it easier for IT professionals to manage security enterprisewide and for software developers to write secure code, he said.

“If we don’t do this right, we won’t get the result we need,” Gates said.

Simplifying security is part of Microsoft’s strategy to increase the public’s trust in computing, Gates said. Another element is selling fundamentally secure products that are built from the outset with security in mind.

A key concept of the strategy is a “trust ecosystem” where users and companies hold themselves and the code they use accountable for security, Gates said.

Federated identity is essential to building the trust ecosystem, Gates said. Smart cards are an important part of creating federated identity, he said. Over the next three to four years, Gates said, corporations can and should move away from using passwords for security.

Improving security is necessary as the threat landscape continues to shift, Gates said. Technologically oriented social engineering and attacks that cross device platforms will replace the phishing, social engineering, botnet and rootkit attacks currently seen, he said.

“It’s a big challenge, but we have to make sure that security is not the thing that holds us back,” Gates said.