Posted by BPuhl on February 21, 2009
My buddy Dan, who used to work in Microsoft IT Security and is now working over in the Information Protection product group (mostly known for RMS), wrote a doc back in 2005 on the evolution of security in the enterprise. He had been asked for the doc so many times that he posted it to a blog about a year ago, but whenever I start thinking hard about federation, application authorization, claims-based identity, and all of the other “fun” topics which make my days interesting, I occasionally need to go back and remember that being in IT is as much about where we are “at” as where we are “going”.
This is the main graphic from the document:
From what I can tell, we are somewhere around the little tick mark that separates “near term” from “mid term”. Things like IPsec, NAP, Windows Firewall, etc. have all done a pretty good job of moving the security from the network boundary to the host. With Windows Server 2008 R2, Microsoft has finally productized DirectAccess, which I can now admit I have been happily using for 2-3 years now, and probably couldn’t live without.
But when I think of the challenges in the identity space around federation, the separation between personal and business data, and how we’re going to protect the enterprise when everything is in the cloud, I can’t help but think that maybe the arc on that “data” line is (unfortunately) a little too steep. As hard as we try internally, the adoption around data protection is still far below what we need it to be.
Progress takes time, and I like working with the IPC team, as they have great things planned for the future. Like everyone else, though, it’s hard for me to “wait for the next release” to get the features I need.