Microsoft Taps VeriSign To Spruce Up Security Image

In a bid to boost its often-mocked Trustworthy Computing initiative, Microsoft has reached an agreement to work with VeriSign to make Microsoft products more secure.

The company also said it will train a new generation of security experts to master its software by adding a security certification to its existing training offerings. This move reflects demand among customers for security personnel who are well versed in the Windows platform.

“Microsoft is beginning to make real progress in Trustworthy Computing,” said Scott Charney, chief trustworthy strategist at the company. However, he added, “Much work remains to be done.”

The initiatives were announced at the Tech*Ed Conference in Dallas, Texas.

A Year and Counting

Even though the Redmond, Washington-based software giant made Trustworthy Computing a major initiative last year, it continues to be hounded by security problems.

The SQL Slammer worm that raked across the Internet early this year exploited a known flaw in the company’s software. In addition, the U.S. Federal Trade Commission (FTC) last month said it would launch a probe into whether a problem that may have exposed some users’ Passport account information violated an agreement between the FTC and Microsoft.

Those and other incidents seem to be holding back the Trustworthy effort from having its desired impact. A recent Forrester Research report suggested that as many as 75 percent of executives are concerned about the security of Microsoft products.

Partner in Time

The VeriSign alliance is designed to give Microsoft a well-respected security ally, Forrester Research analyst Rob Enderle told the E-Commerce Times, a likely acknowledgment that Microsoft needs assistance to recover its security reputation.

“Microsoft is the biggest and its code has been around the longest, so of course it’s going to have more flaws,” Enderle said. “But after a while, the constant revelation of flaws does add up in the minds of customers.”

VeriSign will work with Microsoft to leverage public key infrastructure (PKI) and digital certificates to enhance security by verifying that data requests are legitimate. The effort also will aim to boost interoperability of digital certificate platforms and make mobile connections to enterprise networks more secure.

Security, Certifiable

The other effort involves training Microsoft engineers and system administrators in security specialties. Although Microsoft already certifies such professionals as experts in the Windows 2000 platform, those who take extra exams now will be eligible to gain a security expert designation.

Microsoft said customers asked for the designation more than a year ago, at which time the company began developing the certification.

Win Some, Lose Some

Microsoft has made it clear that it plans to push to improve its beleaguered security image, but sometimes even steps taken in that direction seem to backfire.

Last month, for example, the company unveiled a new security prototype designed to make even desktop computers safe enough to handle sensitive computing transactions. But critics immediately said the Next Generation Secure Computing Base would require users to create entire Microsoft-friendly environments to be effective.