Feeds

Microsoft offers Architects a view

First postcard from Microsoft's conference

Top 5 reasons to deploy VMware with Tegile

Always be careful what you wish for. I liked Stuart Okin when he was chief security officer for Microsoft UK and thought he did a lot for Microsoft's credibility in this area, but I'm afraid I occasionally laughed at Microsoft for putting a developer type in charge of security, instead of a superannuated spook as everyone else does.

Well, I'm sorry now, as at Microsoft's Architect Insight conference (you can find the programme here) I saw the pukka ex-FBI agent now in charge (Ed Gibson) – and he's actually a bit scary. Ed Gibson is an entertaining speaker, but he sure plays the FBI card and "protect the little girls" hard - and actually wears a suit (so Microsoft really is the new IBM).

At least the assembled "architects" (and what is an "architect"? – Matt Deacon, chief architectural advisor to Microsoft UK, had a defining matrix I didn't find too convincing) weren't usually wearing suits. Which perhaps indicates that an architect is merely a well-paid systems cum business analyst – which may be no bad thing.

Gibson made some good points, however, about the need for architects to design security into systems so that their business users, as Gibson puts it, "don't have to play in my world".

However, I don't really believe that there are these two worlds. There's a continuum for most people, from little dishonesties that "don't matter" or punish their employer for some real or imagined injustice; to major frauds and criminalities. Most people stop at the beginning of that path and good governance built into automated systems (yes, Gibson is right, architects do have a responsibility here) encourages this. But I don't believe that a black and white division of people into two groups (the sheep that live blameless, if boring, lives; and the, possibly romantic, goats that break the rules) helps us to introduce good governance.

I was much happier with Lord Erroll's keynote (he's an independent peer and involved with PITCOM, the parliamentary IT committee) about the legislative process that is increasingly embodied in or impacts automated systems and the need to balance risk-taking entrepreneurial attitudes against an understandably risk-averse concern with safety - "life is for living".

Erroll pointed out that rules can't control a complicated system which is usually non-deterministic (or, at least, chaotic) in behaviour. What architects or designers can do is put boundaries around what is acceptable behaviour – as English common-law tries to do. Getting too prescriptive and, for example, implementing laws (or development methodologies, for that matter) that you can't enforce, rapidly becomes counter-productive.

He sees security as something which facilitates business – a very sensible point of view. So, identity management is not only about who you are but what role you're performing – and what authority you have to make "contracts" in that role.

Erroll also points out that globalisation has an impact on all this – you may build a bomb-proof data repository in the USA but if it is not proof against the Patriot Act, Chinese businesses, say, may not want to use it. The aims of legislation like the Patriot Act may be very laudable, but if you can inspect company data in order to prevent terrorism who's to say that the information won't also leak to a US business rival as straightforward, possibly state-sanctioned, industrial espionage?

So, the conference keynotes so far are about setting down Microsoft's credentials as a good player in the corporate governance space, although the sessions proper are much more IT and business focused. More on these later.

Oh, and Nick McGrath (director of platform strategy at Microsoft Ltd) wants us all to petition our local standards body (BSI) to support the ratification of Ecma Open XML as an ISO standard (a pleading letter was included in the conference pack). "The issue should be technical, not political," he says. Really? Since when was standards-making not political, in part at least? Why do you think that the (mostly excellent) OMG UML 2.0 standard has redundancies in it, if not to keep participating vendors happy?

No, the real issue with standards is the follow-on availability of cheap, effective interoperability testing suites. I don't really see why we can't have overlapping standards, where Open XML, say, supports conversion from legacy Microsoft Office document formats into something more open, and ODF supports a simple universal (but less rich) document format for everybody else to use. Any tools will have to support both formats just as they import Word docs now. Once you have your Word documents in XML format, converting this to ODF can't be that hard – and if ODF can't cope with spreadsheets, at least that removes a huge source of errors from the company archives <grin>.

Microsoft's Architect Insight conference is being held in Gwent and is sponsored by Avanade, Capgemini, Conchango and Solidsoft.

Security for virtualized datacentres

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
Yes, Virginia, there IS a W3C HTML5 standard – as of now, that is
You asked for it! You begged for it! Then you gave up! And now it's HERE!
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.