Microsoft Australia launches security blitz

Microsoft's campaign to place security front and center of its business is poised to take off in Australia.

Microsoft Australia's security team leader, Ben English, said the company was kicking off a range of initiatives next week--just a day after Chairman Bill Gates announced a raft of initiatives at a security company conference in San Francisco.

The initiatives include a series of seminars on security. Part of that is a push to train its security consultants to give customers a packaged service that addresses problems such as patch management and system hardening, an audit of corporate customers to establish their risk profiles, and the introduction of an internal security mobilization team.

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

English said that the establishment of the internal team--whose members come from across the company's business lines--was designed to ensure the company as a whole took responsibility for security. "We're trying to encourage people from all aspects of the business to coordinate security strategy," he said.

The move comes as the company gears up for a series of one-day seminars on security, to run in Australian cities March 1 to 18. The seminars, which focus particularly on patch management and techniques for hardening corporate platforms to minimize the risk of breaches, are designed for developers and information technology professionals. Speakers include Microsoft's director of security, George Stathakopoulos.

To date, Microsoft has recorded more than 7,000 registrations across Australia, with more than 1,000 registered for each of the seminars in Sydney, Melbourne and Brisbane.

English said he expected that figure--which exceeded the number for some of Microsoft's major product announcements--to match the number of eventual attendees.

The team leader added that the company had put more than 25 of its consulting partners that have security expertise through a training course. The course will allow them to deliver a package to customers--Quickstart--that deals with patch management and system hardening.

The package will not, however, be introduced until an assessment of the local customer base's risk profile is completed. The assessment, being undertaken by Microsoft Consulting Services (MCS), kicked off a month ago and is expected to end within the next few weeks. Once it is done, MCS will pilot the use of the package with select customers.

English also indicated the company was considering launching a subsidized security mitigation program for its enterprise user base. But he was reticent about providing further details, such as how much the software heavyweight had set aside for the initiative.

"We're in the process of reviewing our options," he said, adding that the value of the initiative in dollar terms was a secondary consideration. He was more concerned about customer willingness to participate in and take ownership of outcomes of a security mitigation exercise.

English said he had in mind a three-stage program to boost Microsoft's security performance and profile with its customer base, with the final stage hopefully completed by 2005/2006.

The aim of the first stage was to "get companies secure," English said. A number of compact discs, set for release over the next three to six months, aim to simplify the task of boosting security for both corporate and home users.

The second stage is based largely on technology developments, with mid-2004's Windows Service Pack 2 due to include a range of upgrades, including an expanded firewall and pop-up ad blocker within Internet Explorer.

Microsoft is also planning to release the Windows Security Center, a dashboard within Windows XP and a part of SP2 that will serve as a centralized place to view security settings and get advice on how to remedy personal computer vulnerabilities.

Service Pack 1 for Windows 2003 Server will be released in the second half of the year and will include improved quarantining technology designed to combat the threat posed by the connection of unsecured devices to corporate virtual private networks

English said the overriding objective of Microsoft's initiatives in this period was to boost platform resilience.

The third stage of the program? "In an ideal world," he said, "Microsoft would have had no significant security breaches for a 12-month period and be recognized as a leader in security".

Iain Ferguson of ZDNet Australia reported from Sydney.