Security Overview
Published: May 25, 2005 | Updated: April 21, 2006
Since the Trustworthy Computing Initiative was introduced in early 2002, Microsoft has been working wholeheartedly to address security issues in its software and the industry. As part of our focus on technology investments, Microsoft takes a "defense-in-depth" approach to protection and is aligning around three core elements:
1. Fundamentals
The focus on fundamentals is making the platform inherently safer. As part of this initiative Microsoft has trained its developers, testers, and program managers in how to develop more secure code, putting in place a process for developing secure code called the Security Development Lifecycle (SDL). Microsoft holds its engineering teams accountable for the security of the code they deliver.
Another key area of Microsoft's approach is enhancing the process and tools used in updating customer software. Microsoft has worked, and will continue to work, to make the updating process more manageable by making it predictable, improving the quality of updates, and investing in better tools and product enhancements that make updating easier.
2. Threat and Vulnerability Mitigation
Microsoft strives to provide a comprehensive and integrated portfolio of software and technologies that suit the needs of all customers by providing the following benefits:
• Central visibility and control of risk
• Reduced exposure to threats through leading technologies and a defense-in-depth approach
• Seamless integration with existing IT systems and within the security portfolio
Microsoft's approach will also reduce an organization's exposure to attacks through best-of-breed threat protection, detection, and removal. Data collected using various feedback mechanisms (including MSN Hotmail, Windows Online Crash Analysis, and the SpyNet AntiSpyware Community), combined with a global multi-vendor research effort, will enable fast discovery of, and protection against, new threats.
3. Identity and Access Control
Tackling this challenging aspect of security is another important layer of Microsoft's in-depth approach to defense. It has three fundamental parts:
• Trustworthy Identity
• Access Policy Management
• Information Protection
Microsoft is focusing on innovation and integration in this area to help ensure that users are trustworthy, to help manage policy that dictates what resources those users can access, and to help protect information for its lifetime, wherever it is stored.