Feb 23 2007

Building a Better IT Mousetrap

Yet figuring out what to do next — with some level of confidence — wears most information technology managers down. There’s always a new technology, standard, product or pharmaceutical that claims to fix every woe. I know because I get a daily dose of these promotions and prescription deals. Our spam filter catches most of them, but not nearly enough. That’s why building a better mousetrap is the one task that IT managers can never scratch off their to-do lists.

Is Windows Vista a better mousetrap?

That’s a good question. As with any new release, it’s too early to tell. Vista has been in the making for years, and this version hopefully fixes Microsoft’s well-documented Achilles heel: security vulnerabilities. Yet the question of whether Vista offers a better mousetrap is undoubtedly moot for most of you. The issue isn’t if your company will move to the next Microsoft operating system, but when.

The vast majority of businesses long ago standardized on the Windows platform, and, in the near future, no alternative will replace it as the gold standard. That fact helped Microsoft realize that it needn’t stick to its proprietary ways when it comes to security. In the past, Microsoft thought that if it could create a closed-source, proprietary algorithm, its OSes would be less likely to be cracked. In reality, the opposite happened. Microsoft’s own algorithm testing versus that of the hacking world failed. Publicly available algorithms have been attacked and tested; they have withstood the test of time. Such trial by fire provides some peace of mind that an algorithm is, in fact, strong enough to protect data.

Stepping Up

Vista offers a number of security advantages over Windows XP and previous Windows OSes. In terms of protecting corporate data, its improved encryption alternatives are a significant step.

Over the next few months, we’ll continue taking a look under Vista’s hood to tell you what’s working and what’s not. Obviously, among the biggest questions for IT is whether it will improve security. Here on our Web site, you’ll find a multipart podcast series addressing several aspects of Vista security, including encryption, user access controls, PatchGuard and the service control manager. You’ll also find an overview of the BitLocker security feature of Vista in this issue. When it comes to protecting data on mobile devices — and shielding companies from the regulatory consequences and damaged reputation caused by lost or stolen notebook systems that expose sensitive customer information — some say BitLocker is just what the doctor ordered.

By default, BitLocker encrypts the entire hard drive to ensure that an attacker can’t remove the drive to bypass the encryption and access data. But once validated by the Trusted Platform Module chip, the system will still boot up to the Windows “Welcome” or log-in screen. If a user has a weak or blank password, an attacker could still gain access. To provide the security necessary for lost or stolen notebooks, BitLocker must also be configured to require a personal identification number or startup key (stored on a USB thumb drive). The PIN or startup key would be required for Vista to complete the boot process. For more on BitLocker, turn to the article by Tony Bradley here.

The improved encryption in Vista, when it’s properly configured, is one of the components that should make this OS the most secure version of Windows yet. Everyone’s talking about Vista. You make the call.

Lee Copeland
Editor in Chief