If would like to start with an important statement: This is the first blog post I made with a disclaimer to start with. The content of this post is not an official Microsoft position and might not reflect the Microsoft opinion!

Let’s have a chat about piracy. When I look at my neighborhood, I often (very often) have discussion about how legal it is to copy software and use cracked software and copied DVDs and copied music. In Switzerland, we have a piracy rate on software of approx. 25% – this is where I live and this is one of the richest country on the globe. If you take this figure: How would you feel if every fourth hour you are working is not paid? I would go ballistic! This would be unacceptable to me.

Still, a lot of people think that it is not really a problem if they use resources – illegal resources – which are freely available on the Internet. A lot of people think that it is just a peccadillo to copy. Being it books, music, software. And then I posted recently on Twitter about “What is your view? I think it is a good idea: Illegal downloaders face web ban http://ow.ly/xGaK” and got a lot of harsh reactions. I hope that a lot of those people will – in the future – work at least one hour every four for the community as they seem to expect this to happen for the software industry.

Now, let me take another position: I think it is great that we introduced a limited offer (do not ask me why it is limited) of a Windows 7 Family Edition to be installed within your household at max. three times – this covers a huge need of families and they might often have copied or cracked it instead. Whenever I can avoid it, I do not download technically protected music – and let me tell you why (please if you quote me, quote me in context): Why should I pay for music to be used on only my MP3-player? I am listening music from my PC during work, my business notebook during travel, my Zune during flights, my car during travel and last but not least my Mediacenter. If the music is copyright protected, this does not work. I am allowed to copy it but not to break any copyright protection. So, this model sucks. I understand that a artist wants money for the music and I am definitely willing to pay for it (see my point above – I do not work for free neither) but I want to consume it whenever I want, wherever I want. If I use not technically protected music, I can leverage it across all my systems. Otherwise I cannot – and this sucks. Is this a reason to hack it – no. Is it a reason not to buy it – definitely.

I see the need of the entertainment industry to protect its assets. On the other hand I see the requirements of the consumers, which are often ignored. What scares me much more is the way we raise children. Growing up in a household, where copying of illegal content is just a normal thing, whit what values do this kids grow up? Basically with a mindset that stealing is illegal if we deal with physical goods but not really illegal for not physical good? So, stealing is just a little bit illegal. Or is just illegal if it fits us personally?

Therefore, the British approach above to ban illegal downloaders might be drastic but is it that far fetched? Is it really going too far? What do we do with trespassers in the physical world and why is this different on the Internet?

A final remark: If you quote me, please quote me in context. Additionally I want to state again, that this is my personal opinion!

Roger

We just opened the Beta for Windows Intune, your new PC management and security solution in the cloud. Here is a screenshot if the web console:

So, go and sign up for the Beta: http://www.microsoft.com/online/windows-intune.mspx

Roger

I am one of the grounded people. Luckily for me, I would have had to fly out today and am now “stuck” at home. It is not so fortunate for the event organizer which has a significant amount of sessions he has to do on LiveMeeting now. On the other hand, maybe that this is the future for a lot of travels we do, as when I talk to customers on LiveMeeting, often they are fairly happy and it costs me 1.5 hours instead of 1.5 days and then the expense to be added.

However, this is not the reason for this post. When I look at what happens with the Volcanic ash, it is actually fairly scary to me. Governments, based on the assessment of the aerospace industry and the pilots, decided to close the different aerospaces due to safety reasons. And to be clear: The government’s job in this situation is the safety of the passengers. It seems to be completely true that this assessment is probably fairly cautious as there is not enough experience and data with such a situation and people who have to take this decision want to be on the safe side – and I want them to stay there as I will fly again when they open the airports… Airbus as an example has clear Flight Operations Briefing Notes on Volcanic Ash Awareness – the question is from which is the critical concentration – something we do not know. And now, the problem starts. Initially the decision was clear and “well taken” by all the different people – even the grounded passengers. But then the commercial factors come into play, which I definitely understand. It might well be a question of survival for some airlines. So, the politics as well as the businesses take part of this discussion and try to influence the authorities to remove the ban – here it gets dangerous in my opinion. It will be interesting to see where this leads but imagine the scenario where the government opens the aerospace and a plan crashes because of the volcanic ash…

Let’s take that to the business. Is this not a common scenario? We have the job to ensure the security of our company’s information but there are commercial as well as political issues to consider. Unfortunately (or fortunately), business has the power to overrule a decision taken by security based on their risk assessment. Most often, however, this decision is not live threatening – so the impact might not be as sever as with the airline industry at the moment. In order to overcome this problem, it leads me back to what I say very often: We have to bridge the gap between how we assess risk and the way “people” look at those risks. We have to find a common language and a joint understanding of the problem – something I think is not given with the volcano above.

So, most often – as with the volcano – it is more a communication problem than an engineering problem. Additionally it is a problem of too many people assessing risks they do not understand. I heard it very often from ordinary people that governments are overly cautious – stated by people who understand as much of flying a plane as I do, nothing.

If you take the learning for you as a security professional: You have to make sure you understand the risks as far as possible. Additionally you have to make sure the decision makers understand the risks and the consequences if the risk materializes – and they have to understand it in their own language.

Roger

I am really against banning social media – especially with the reasoning of the work performance. To me, this is a management job, not a technology job and by banning social media to make people more productive – I doubt that this is really successful.

Now, I read this article: Why Banning Social Media Often Backfires which is definitely worth reading! as it goes down the road I just mentioned above.
Roger

I recently blogged about the Beta version of our Security Compliance Manger, helping you to manage the security baselines in your organization. There are some screenshots in the corresponding post: Making the Management of Security Compliance Easier!

Now, we released the final version of it. It can be found here: Microsoft Security Compliance Manager

Roger