Computerworld

Security Proofs

Maryfran Johnson
 

May 7, 2001 (Computerworld)

The ongoing security screw-ups with Microsoft's Windows 2000 must have corporate customers steaming. Only last week, the most serious one yet turned up, this time as a flaw in an extension to the server operating system that could give a malicious intruder free rein on a company's internal network. Enterprise users running Microsoft's Internet Information Services 5.0 software were urgently advised to install the available patch immediately.
This latest alarm bell rang only a week after Microsoft had to admit that 26 of its largest support customers - those paying for Gold and Premier levels of service, no less - were exposed to the FunLove computer virus. How? Through Microsoft's failure to follow its own virus-scanning policies, leaving potential attackers with a conveniently open window, so to speak.
As Microsoft lumbers up its steep learning curve on security, it's clearly making that climb on the backs of your businesses. And it's happening at a time when the twin business imperatives of e-mail and e-commerce are exposing more corporate systems to hackers every day.
No wonder IT security professionals are swiftly moving out of back-office support roles and into strategic positions. "The higher the stakes get, the more security is a business issue," notes David Foote, a consultant quoted in one of our stories this week ["The New Security Pro," page 69].
But let's suppose that Microsoft and the growing cabal of security product vendors were really listening to customers. What would they offer you? We took a look at that question in another story this week, "Managing the Virus Threat" [page 66], and discovered that security pros need a "single-console" approach to manage the hodgepodge of cross-platform antivirus products. Imagine being able to coordinate dozens of antivirus updates from multiple suppliers, or to get new virus alerts equipped with preventive measures before the vendor patch is delivered.
Ah, but here's the catch: All of the above capabilities would require far too much cooperation and customer focus. As one security product manager candidly acknowledged in our story, any vendors that provide such a single-console approach are "basically admitting their full complement of products isn't a good approach."
As Microsoft has proved repeatedly of late, even the company that owns the underlying platform can't do security right all by itself. It needs to work in concert with other providers, and all of them need to lose that "not invented here" mind-set that puts vendor spin first and customer needs second.
Serious about enterprise security? Show us some proof for a change.
Maryfran Johnson is editor in chief of Computerworld. You can contact her at maryfran_johnson@computerworld.com.