Enabling Secure Anywhere Access in a Connected World - Steve Riley on Security - Site Home

A few times each year, Bill Gates or Steve Ballmer publish an executive memo. The first memo was Bill's essay on trustworthy computing, in July 2002. Today Bill has a new memo, one that is very important for all of us who strive to achieve a balance between being secure and, well, getting work done.

Some of my favorite points from the memo:

[It] is no longer a question of the power of our devices and the speed of our connections. The real issue today is security. Ultimately, anywhere access depends on whether we can create and share information without fear that it will be compromised, stolen, or exploited.
No company is immune to the danger. Malware targets products from virtually every software vendor. Every business is vulnerable to the risks that come with unauthorized access to corporate information.
...striking the right balance is extremely difficult. Easy access speeds communications but increases the danger that confidential information will be exposed. Stringent security measures reduce risk, but can make it too difficult for employees to access information or communicate with customers and partners and too complex for IT professionals to deploy and manage solutions.
...new technologies for managing the way people and information move between corporate networks and the Internet are essential. In the face of a rapidly evolving threat landscape, the firewall...is no longer adequate.

Several times in the memo Bill mentions the importance of policy. Most of you have probably heard me speak of similar ideas. Policy-based security allows us to finally divorce information protection from the mechanism used to transmit that information. This is essential because the ubiquitousness of mobile computing demands it. Regardless of where information is stored, how it is transmitted, policies that apply to the information will move everywhere with it. We will no longer be constrained by the topologies of any particular network, because the network will lose its role in managing access to information and revert to the single thing it does best: move bits around as fast as possible.