Limited access is crucial to next-generation security, Microsoft execs say

SAN FRANCISCO -- Organizations must think differently about the way networks are designed, operated and protected, and about how users are granted permission to access information in the highly connected world that is looming, said Bill Gates, chairman of Microsoft, and Craig Mundie the company’s director of research and strategy, today at the RSA Conference here.People want to access information from many sources — computers, cell phones, TVs and even their cars, Mundie said. He and Gates gave the keynote presentation at the conference.Traditionally, security has been used as a blocking mechanism to keep intruders out of corporate systems. The question now is how can it be used to make it simpler for people to get access to the information they need, Mundie said.For instance, an engineer at Boeing may want to grant permission to a partner at GE Engines to get information via Microsoft SharePoint collaboration software. But “just because you can get that schematic doesn’t mean you should get at everything on the corporate network,” Mundie said. “We really don’t have that mechanism to let that person make a very prescriptive authorization. Yet that is really where the world is going to have to move to.”The executives outlined three concepts that organizations and industry must think about in a different way: the network and how it will be constructed and operated, protection of information and user identity.“We need evolutionary approaches,” Gates said. He noted that the foundation for a new approach to network security has already been laid with IPv6, the next generation of IP and IPsec, which focuses on certificate-based authentication that ensures a user that the person he or she is communicating with can be trusted.Ultimately there is a need for more granular control in which a person can say, “I only trust this particular application and I only trust this particular person running that application,” Mundie said. This will require a more policy-based approach rather than focusing on network topology, he said.The move to IPv6 will not only accommodate billions of new devices but will allow information technology managers to define logically the protection domain they want to have their policies govern, Mundie said.