Feeds

Microsoft offers Architects a view

First postcard from Microsoft's conference

Internet Security Threat Report 2014

Always be careful what you wish for. I liked Stuart Okin when he was chief security officer for Microsoft UK and thought he did a lot for Microsoft's credibility in this area, but I'm afraid I occasionally laughed at Microsoft for putting a developer type in charge of security, instead of a superannuated spook as everyone else does.

Well, I'm sorry now, as at Microsoft's Architect Insight conference (you can find the programme here) I saw the pukka ex-FBI agent now in charge (Ed Gibson) – and he's actually a bit scary. Ed Gibson is an entertaining speaker, but he sure plays the FBI card and "protect the little girls" hard - and actually wears a suit (so Microsoft really is the new IBM).

At least the assembled "architects" (and what is an "architect"? – Matt Deacon, chief architectural advisor to Microsoft UK, had a defining matrix I didn't find too convincing) weren't usually wearing suits. Which perhaps indicates that an architect is merely a well-paid systems cum business analyst – which may be no bad thing.

Gibson made some good points, however, about the need for architects to design security into systems so that their business users, as Gibson puts it, "don't have to play in my world".

However, I don't really believe that there are these two worlds. There's a continuum for most people, from little dishonesties that "don't matter" or punish their employer for some real or imagined injustice; to major frauds and criminalities. Most people stop at the beginning of that path and good governance built into automated systems (yes, Gibson is right, architects do have a responsibility here) encourages this. But I don't believe that a black and white division of people into two groups (the sheep that live blameless, if boring, lives; and the, possibly romantic, goats that break the rules) helps us to introduce good governance.

I was much happier with Lord Erroll's keynote (he's an independent peer and involved with PITCOM, the parliamentary IT committee) about the legislative process that is increasingly embodied in or impacts automated systems and the need to balance risk-taking entrepreneurial attitudes against an understandably risk-averse concern with safety - "life is for living".

Erroll pointed out that rules can't control a complicated system which is usually non-deterministic (or, at least, chaotic) in behaviour. What architects or designers can do is put boundaries around what is acceptable behaviour – as English common-law tries to do. Getting too prescriptive and, for example, implementing laws (or development methodologies, for that matter) that you can't enforce, rapidly becomes counter-productive.

He sees security as something which facilitates business – a very sensible point of view. So, identity management is not only about who you are but what role you're performing – and what authority you have to make "contracts" in that role.

Erroll also points out that globalisation has an impact on all this – you may build a bomb-proof data repository in the USA but if it is not proof against the Patriot Act, Chinese businesses, say, may not want to use it. The aims of legislation like the Patriot Act may be very laudable, but if you can inspect company data in order to prevent terrorism who's to say that the information won't also leak to a US business rival as straightforward, possibly state-sanctioned, industrial espionage?

So, the conference keynotes so far are about setting down Microsoft's credentials as a good player in the corporate governance space, although the sessions proper are much more IT and business focused. More on these later.

Oh, and Nick McGrath (director of platform strategy at Microsoft Ltd) wants us all to petition our local standards body (BSI) to support the ratification of Ecma Open XML as an ISO standard (a pleading letter was included in the conference pack). "The issue should be technical, not political," he says. Really? Since when was standards-making not political, in part at least? Why do you think that the (mostly excellent) OMG UML 2.0 standard has redundancies in it, if not to keep participating vendors happy?

No, the real issue with standards is the follow-on availability of cheap, effective interoperability testing suites. I don't really see why we can't have overlapping standards, where Open XML, say, supports conversion from legacy Microsoft Office document formats into something more open, and ODF supports a simple universal (but less rich) document format for everybody else to use. Any tools will have to support both formats just as they import Word docs now. Once you have your Word documents in XML format, converting this to ODF can't be that hard – and if ODF can't cope with spreadsheets, at least that removes a huge source of errors from the company archives <grin>.

Microsoft's Architect Insight conference is being held in Gwent and is sponsored by Avanade, Capgemini, Conchango and Solidsoft.

Remote control for virtualized desktops

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Whistling Google: PLEASE! Brussels can only hurt Europe, not us
And Commish is VERY pro-Google. Why should we worry?
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
First in line to order a Nexus 6? AT&T has a BRICK for you
Black Screen of Death plagues early Google-mobe batch
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.