Fight worms

IN CONVERSATION

Scott Charney

When Microsoft launched the Trustworthy Computing Initiative four years ago, the intention was to secure its own products against security breaches. Visiting vice president (Trustworthy Computing) and Chief Security Strategist of Microsoft SCOTT CHARNEY tells Business Standard how the initiative has grown to include security for the entire IT-scape.

Are you here because Microsoft is a dominant player or because of the Trustworthy Computing Initiative vision to curb security breaches?

I am here to talk with the government agencies and industry bodies and take forward our initiatives.

We are here to tell organisations that even if it has a risk management plan in place, there are chances that it can still get hacked. So, what is the solution? Companies like Microsoft have started designing products that are centred around security.

This way, quantifying risks and calculating ROI becomes simpler. Buying a branded product might not guarantee a hack-free environment, but what it ensures is that your risks are lowest and recovery is easy.

Yet, we have seen more attacks, viruses in the past few months. What does that mean? It means that attackers are getting ahead. We are already seeing an escalation in organised attacks and they are from the developing nations.

In China and Korea, we see security breaches almost everyday. Big companies, agencies of the US are ideal targets for most hackers. Yes, the breaches can be contained, if not stopped. We will never get the risks to zero, but we can make them less dangerous.

Would it be right to say that the security problems in India are less complicated than those faced internationally?

It would be fairly correct to assume this. The systems (in India) are complex, but they are not all that complicated, yet. The world over, the problems are the same. Differences arise when we are talking of connectivity and the number of wireless devices.

We didn't have many worms and viruses when dial-up connections existed. Today, with broadband we have a new set of problems.

Enterprises do not want to invest in risk management. In India, even as information remains as the highly prized asset for businesses, the dedication to secure that information isn't equally gratifying.

What would be Microsoft's plan of action for the Indian enterprise and government sector which are also the most expansive users of IT products?

We would like to begin with getting organisations and enterprises to document their security policies and systems. This includes identifying the assets you want to protect, testing mitigations and having a rescue plan on hand.

Apart from the banking and finance segment, most Indian enterprises have just begun to implement a security policy and deploy security solutions. As a part of Microsoft's Security Cooperation programme, we share our source code with the government.