Feeds

Microsoft offers Architects a view

First postcard from Microsoft's conference

High performance access to file storage

Always be careful what you wish for. I liked Stuart Okin when he was chief security officer for Microsoft UK and thought he did a lot for Microsoft's credibility in this area, but I'm afraid I occasionally laughed at Microsoft for putting a developer type in charge of security, instead of a superannuated spook as everyone else does.

Well, I'm sorry now, as at Microsoft's Architect Insight conference (you can find the programme here) I saw the pukka ex-FBI agent now in charge (Ed Gibson) – and he's actually a bit scary. Ed Gibson is an entertaining speaker, but he sure plays the FBI card and "protect the little girls" hard - and actually wears a suit (so Microsoft really is the new IBM).

At least the assembled "architects" (and what is an "architect"? – Matt Deacon, chief architectural advisor to Microsoft UK, had a defining matrix I didn't find too convincing) weren't usually wearing suits. Which perhaps indicates that an architect is merely a well-paid systems cum business analyst – which may be no bad thing.

Gibson made some good points, however, about the need for architects to design security into systems so that their business users, as Gibson puts it, "don't have to play in my world".

However, I don't really believe that there are these two worlds. There's a continuum for most people, from little dishonesties that "don't matter" or punish their employer for some real or imagined injustice; to major frauds and criminalities. Most people stop at the beginning of that path and good governance built into automated systems (yes, Gibson is right, architects do have a responsibility here) encourages this. But I don't believe that a black and white division of people into two groups (the sheep that live blameless, if boring, lives; and the, possibly romantic, goats that break the rules) helps us to introduce good governance.

I was much happier with Lord Erroll's keynote (he's an independent peer and involved with PITCOM, the parliamentary IT committee) about the legislative process that is increasingly embodied in or impacts automated systems and the need to balance risk-taking entrepreneurial attitudes against an understandably risk-averse concern with safety - "life is for living".

Erroll pointed out that rules can't control a complicated system which is usually non-deterministic (or, at least, chaotic) in behaviour. What architects or designers can do is put boundaries around what is acceptable behaviour – as English common-law tries to do. Getting too prescriptive and, for example, implementing laws (or development methodologies, for that matter) that you can't enforce, rapidly becomes counter-productive.

He sees security as something which facilitates business – a very sensible point of view. So, identity management is not only about who you are but what role you're performing – and what authority you have to make "contracts" in that role.

Erroll also points out that globalisation has an impact on all this – you may build a bomb-proof data repository in the USA but if it is not proof against the Patriot Act, Chinese businesses, say, may not want to use it. The aims of legislation like the Patriot Act may be very laudable, but if you can inspect company data in order to prevent terrorism who's to say that the information won't also leak to a US business rival as straightforward, possibly state-sanctioned, industrial espionage?

So, the conference keynotes so far are about setting down Microsoft's credentials as a good player in the corporate governance space, although the sessions proper are much more IT and business focused. More on these later.

Oh, and Nick McGrath (director of platform strategy at Microsoft Ltd) wants us all to petition our local standards body (BSI) to support the ratification of Ecma Open XML as an ISO standard (a pleading letter was included in the conference pack). "The issue should be technical, not political," he says. Really? Since when was standards-making not political, in part at least? Why do you think that the (mostly excellent) OMG UML 2.0 standard has redundancies in it, if not to keep participating vendors happy?

No, the real issue with standards is the follow-on availability of cheap, effective interoperability testing suites. I don't really see why we can't have overlapping standards, where Open XML, say, supports conversion from legacy Microsoft Office document formats into something more open, and ODF supports a simple universal (but less rich) document format for everybody else to use. Any tools will have to support both formats just as they import Word docs now. Once you have your Word documents in XML format, converting this to ODF can't be that hard – and if ODF can't cope with spreadsheets, at least that removes a huge source of errors from the company archives <grin>.

Microsoft's Architect Insight conference is being held in Gwent and is sponsored by Avanade, Capgemini, Conchango and Solidsoft.

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.