
Microsoft looks to health care for improved security

At tech-security confab, company says industry has fallen short in areas like "virus" control, where health-care pros have proved more prepared and agile.

Josh Lowensohn Former Senior Writer

SAN FRANCISCO--Microsoft wants to make tomorrow's tech-security world work a lot like tomorrow's health care industry.

While the comparison has long been made in the security industry, with threats like "viruses," Scott Charney, corporate vice president in Microsoft's Trustworthy Computing group, noted that the response to those problems has fallen short in areas where health care has proved more agile.

"Every year there's a new version of the flu," Charney said to attendees of this year's RSA Conference. "There was a time before SARS, and a time before H1N1. And when those threats appeared, [the health care industry] didn't scramble to know what to do, they already had defenses."

Microsoft's multistep plan to put a similar safety net in place approaches the problems from both a security and a data ownership position.

Charney said one option is cryptographically signed health certificates. These would be provided for users who had gone through various security check protocols to prove their machine was not dripping with malware before getting on something like a bank's site or a local intranet.

The second aspect of this measure would be alerting people to possible security holes before their machines have been compromised. That way, they could put fixes into place before encountering attack scenarios, as well as avoid compatibility issues with sites and services.

Charney also highlighted the importance of making sure whatever lockdown system went into place for compromised machines would not go too far, so critical services like VoIP weren't being sealed off as well. After all, Charney said, nobody wants to be kept from calling 911 during a heart attack because their computer needs to download software updates.