Inside Microsoft's security war room
After years of having to scramble when a worm hit, Microsoft in 2005 built adjoining situation rooms to coordinate its response when an outbreak hits. Here's a look inside.
REDMOND, Wash.--Tired of having to fight for a free conference room, Microsoft's security chief, Mike Nash, decided in early 2005 that the company needed a dedicated "war room" where his team could handle emergency responses.
And while he was at it, why not have two? That way, the folks working on fixing a security crisis could have a little breathing room from those drafting the public and customer communications around the issue.
"They were tired of the communications people hearing of things that were half-baked," Nash said.
The Microsoft Security Response Center (MSRC) was completed in June 2005. The engineering conference room includes four flat-panel screens that can display live TV or a computer screen as well as a couple dozen chairs, though the place is often standing-room-only in a real crisis.
The war room is just one of a number of changes Microsoft has made over the years, usually the result of a lesson learned the hard way through some work or other outbreak. In part one of a three-part series starting Monday, I take a look back at those painful lessons and how they have shaped Microsoft's current practices. On Tuesday, I'll look at the role of the human element in trying to keep software secure. And on Wednesday, I'll look at some of the people Microsoft counts on to keep its products safe. Each day there will be a blog too, going into more depth on one issue raised by that day's story.
While most of the room's accoutrements are practical--food, a world map, and clocks showing the time around the world, there is also a photo of actor Harvey Keitel. That's courtesy of Christopher Budd, who used to work as part of the security response effort.
"Back in 2001, I joked about how working to protect customers in the MSRC was a lot like being Harvey Keitel's character, "The Wolf," in Pulp Fiction," said Budd, who now works on Microsoft's privacy team. "Just like his character, I said, you're doing a hard job, and doing it right means you have to remain calm in a crisis and help others stay calm. When you do that, you help everyone stay focused on solving the problem."
To me, "The Wolf" seems like an odd choice for a company that is looking to be more transparent. Wasn't his role in the movie to help clean up after a murder so that the rest of the world would not know what had transpired?