This Government Computer News story describes the keynote given by Microsoft chairman Bill Gates and chief research and strategy officer Craig Mundie at the RSA convention that is being held this week in San Francisco. Clearly, the emphasis is shifting from protecting the network to protecting the information that rides on it.
The explosion of mobile and decentralized workers -- utilizing robust wired and wireless networks and more powerful devices -- has made a focus on protecting the perimeter of the corporate network antiquated. The internal network is everywhere.
That means there's a lot of valuable data floating around, and it's a big problem in terms of security. The solution is, in a sense, to forget about the network and instead make sure people requesting a bit of data or information are entitled to it no matter where they are, what device they or using or what type of network they are accessing the data on.
Easier said than done. The GCN story suggests that the first step is to include a high level of data integrity/security functionality in the operating systems and the applications themselves. Gates and company say that that's what they've done with Vista, Office 2007 and subsequent releases. The corollary to this is that the days of the standalone security vendor may be numbered.
The shift from network security was evident in the build up to the RSA conference. One of the big stories there was said to be the evolution of network access control (NAC), an emerging security and management sector that focuses on controlling end points' access to corporate resources. This rapidly growing approach deals in access and data flows, not spyware and virus prevention.