Feeds

Microsoft offers Architects a view

First postcard from Microsoft's conference

Business security measures using SSL

Always be careful what you wish for. I liked Stuart Okin when he was chief security officer for Microsoft UK and thought he did a lot for Microsoft's credibility in this area, but I'm afraid I occasionally laughed at Microsoft for putting a developer type in charge of security, instead of a superannuated spook as everyone else does.

Well, I'm sorry now, as at Microsoft's Architect Insight conference (you can find the programme here) I saw the pukka ex-FBI agent now in charge (Ed Gibson) – and he's actually a bit scary. Ed Gibson is an entertaining speaker, but he sure plays the FBI card and "protect the little girls" hard - and actually wears a suit (so Microsoft really is the new IBM).

At least the assembled "architects" (and what is an "architect"? – Matt Deacon, chief architectural advisor to Microsoft UK, had a defining matrix I didn't find too convincing) weren't usually wearing suits. Which perhaps indicates that an architect is merely a well-paid systems cum business analyst – which may be no bad thing.

Gibson made some good points, however, about the need for architects to design security into systems so that their business users, as Gibson puts it, "don't have to play in my world".

However, I don't really believe that there are these two worlds. There's a continuum for most people, from little dishonesties that "don't matter" or punish their employer for some real or imagined injustice; to major frauds and criminalities. Most people stop at the beginning of that path and good governance built into automated systems (yes, Gibson is right, architects do have a responsibility here) encourages this. But I don't believe that a black and white division of people into two groups (the sheep that live blameless, if boring, lives; and the, possibly romantic, goats that break the rules) helps us to introduce good governance.

I was much happier with Lord Erroll's keynote (he's an independent peer and involved with PITCOM, the parliamentary IT committee) about the legislative process that is increasingly embodied in or impacts automated systems and the need to balance risk-taking entrepreneurial attitudes against an understandably risk-averse concern with safety - "life is for living".

Erroll pointed out that rules can't control a complicated system which is usually non-deterministic (or, at least, chaotic) in behaviour. What architects or designers can do is put boundaries around what is acceptable behaviour – as English common-law tries to do. Getting too prescriptive and, for example, implementing laws (or development methodologies, for that matter) that you can't enforce, rapidly becomes counter-productive.

He sees security as something which facilitates business – a very sensible point of view. So, identity management is not only about who you are but what role you're performing – and what authority you have to make "contracts" in that role.

Erroll also points out that globalisation has an impact on all this – you may build a bomb-proof data repository in the USA but if it is not proof against the Patriot Act, Chinese businesses, say, may not want to use it. The aims of legislation like the Patriot Act may be very laudable, but if you can inspect company data in order to prevent terrorism who's to say that the information won't also leak to a US business rival as straightforward, possibly state-sanctioned, industrial espionage?

So, the conference keynotes so far are about setting down Microsoft's credentials as a good player in the corporate governance space, although the sessions proper are much more IT and business focused. More on these later.

Oh, and Nick McGrath (director of platform strategy at Microsoft Ltd) wants us all to petition our local standards body (BSI) to support the ratification of Ecma Open XML as an ISO standard (a pleading letter was included in the conference pack). "The issue should be technical, not political," he says. Really? Since when was standards-making not political, in part at least? Why do you think that the (mostly excellent) OMG UML 2.0 standard has redundancies in it, if not to keep participating vendors happy?

No, the real issue with standards is the follow-on availability of cheap, effective interoperability testing suites. I don't really see why we can't have overlapping standards, where Open XML, say, supports conversion from legacy Microsoft Office document formats into something more open, and ODF supports a simple universal (but less rich) document format for everybody else to use. Any tools will have to support both formats just as they import Word docs now. Once you have your Word documents in XML format, converting this to ODF can't be that hard – and if ODF can't cope with spreadsheets, at least that removes a huge source of errors from the company archives <grin>.

Microsoft's Architect Insight conference is being held in Gwent and is sponsored by Avanade, Capgemini, Conchango and Solidsoft.

New hybrid storage solutions

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.