|
On 10 July 2001, Microsoft and VeriSign, a provider of Internet trust services, announced an alliance in which VeriSign will provide authentication and security technology for future versions of .NET, Microsoft's XML-based Web service platform. VeriSign will support the Passport single sign-on, authentication system and notification technology of .NET.
In Gartner's view, VeriSign is not simply an independent security vendor that considers Microsoft technology the best solution for its internal infrastructure; Microsoft owns a minority share in VeriSign — an arrangement that provides Microsoft with a convenient way to use financial muscle to influence customers, partners and shape market perception.
In addition, Gartner believes that this relationship, along with other partnerships, will likely work to improve the overall security of Microsoft's products. However, such security improvements will likely result only if Microsoft and VeriSign learn from past mistakes, and their relationship develops to spend more time on security and less on marketing. In January 2001, VeriSign erroneously issued two digital certificates in Microsoft's name to unknown parties posing as Microsoft employees (see Gartner FirstTake FT-13-3953 "Bogus Certificates Could Be Popping Up"). Assuming such partnerships make security convenient to users, administrators and developers, Gartner believes that product uptake will coincide with acceptance of Windows 2000 and XP because users will likely find it easier to use what is "in the box" — even though security may not be perfect.
Gartner believes that the integration of VeriSign's Personal Trust Agent technology with Microsoft's Passport authentication, single sign-in and secure messaging capabilities will result in an enhanced version of Passport that will subsume identification and cryptographic functions of X.509 certificates by 2003 (0.6 probability) or by 2005 (0.8 probability). Although Gartner anticipates significant industry and regulatory backlash against Passport, Microsoft's market position will make resistance futile for many enterprises. Microsoft has shown perseverance in addressing market segments and providing the features it deems strategic. In addition, Microsoft will respond to industry needs for enhanced security in HailStorm and .NET initiatives through partners, and security features will eventually integrate with Microsoft code in applications and operating systems.
Despite this well-publicized move by Microsoft, enterprises should remember that security is not at all about perception or simply about product development. Every enterprise should control its security through good internal IT administration, best practices and the deployment of the right tools when needed.
Analytical Sources: Vic Wheatman and Bradley Hildreth, Information Security Strategies, and Thomas Bittman, NT Strategies
Written by Dean Lombardo, gartner.com
|
