Thursday, November 1, 2007

Microsoft Data Protection: Home and Mobile users excluded

I read a new Aberdeen Group research report titled "Encryption and Key Management" (August 2007). The report depicts the changes in data protection architecture and mechanisms and highlights current trends. The basic change is from a data protection architecture that centralizes all critical data in one place and denies unauthorized access to it, to a more distributed data architecture.

Aberdeen's conclusion was based on a survey. However, many people can reach the same conclusion with a less methodological approach: data quantities, formats and locations are growing massively. Users keep data on PCs and on removable devices (e.g. Disk On Keys and CDs) as well as on multiple servers placed in multiple locations.

The data protection approach of the DOD's Orange Book of the beginning of the 90's is no longer realistic. Aberdeen Group's basic findings can be summarized in three bullets:

  • Critical and sensitive data should be identified and protected. Probably not all other data could be protected.

  • The trend is towards encrypting critical data wherever it is located, including end-user devices and removables.

  • Key management becomes complex, so organizations are gradually moving from manual management to automatic management such as Public Key Infrastructure (PKI).

The trend of encrypting data is the link between the Aberdeen Group research and this post's title.

Microsoft's environment was known as a relatively less secure environment than competing environments (mainly due to the binding between infrastructure and applications). However, a few years ago, the company decided to improve the security of its infrastructure solutions by building trusted environments. The company's ability to execute is well known (some of us still remember MSN as an alternative to the Web, the "the internet is a fad" attitude until 1995, and the impressive upside-down change towards internet solutions), therefore the missing encryption capabilities in Vista Home editions (including Premium) can hardly be explained. Microsoft has already developed an encryption solution, which is part of the enterprise editions, so technical issues are not the obstacle to a built-in encryption component. Many necessary as well as unnecessary security dialog boxes are part of the Vista Home editions (the high granularity of the security levels prevents elimination of the unnecessary dialog boxes without exposing your system to additional threats), so it seems that lack of emphasis on security issues is not the reason for this missing component. To me it looks like an unsuccessful marketing decision.

The third-party Omnipass solution (at least on my Lenovo mobile computer) is not fully integrated with the system, and problem determination involving both the OEM and the vendor is difficult. As an experienced IT professional I succeeded in circumventing an unsolved problem. Could non-IT-professional home users bypass such problems?

Many Home edition users expose their systems to the Web. Web access may expose them to security threats, including access to the data on their own PC. As most of these users are less aware of security threats than corporate users, critical data (e.g. passwords, bank account details, credit card details etc.) may be stolen. These users may again blame Microsoft for its non-secured systems.

Aberdeen Group's report points to encryption as a means of reducing threats.

I do think that Vista Home users should help Microsoft overcome this erroneous decision by asking the company to include built-in encryption support in the next Service Pack for the Vista Home editions.
