Gates Outlines Microsoft's Security Vision

Microsoft chairman Bill Gates kicked off the 2006 RSA Conference on Tuesday with the message that in a networked world that's becoming more complex, keeping security simple is the key to keeping it effective.

"If you look at the security systems that are out there today, we don't achieve [simplicity]," he says. "The number of things people have to keep track of is probably an order of magnitude more than it needs to be for people to be able to manage their systems effectively. If there's an area where we absolutely have to get better, this is it."

The always-unique RSA event features historical math- and science-related themes, and this year was no exception. The motif for 2006 is ancient Vedic mathematics, and Gates was ushered onstage by a lively narrative and musical presentation that looked more like something out of a Hollywood awards show.

Gates' hour-long presentation featured several glitch-free demos of how Microsoft is enabling stronger security across its platforms, including the upcoming Vista, all highlighting the company's desire to establish fundamentally secure platforms. "Older systems were secure because they were isolated," Gates says. "You can't layer on top of a system elements to make it secure; you get too much of a mismatch between the components. This design approach is absolutely critical--thinking these things through from the beginning and not bringing security in at the end is very important. This has been a big shift for Microsoft."

The company is moving aggressively forward with its vision for smart cards that will eventually reduce or eliminate the need for multiple passwords. The one news snippet coming out of the keynote speech was the announcement that Certificate CLM, which enables the provisioning of smart cards, began beta testing today. Gates also told the audience that new anti-malware products are on the way without disclosing specific release dates."Today we're using password systems, but they simply won't cut it," he says. "Very quickly they're becoming the weak link, so we need to move to multi-factor authentication. A lot of that will be a smart card-type approach that needs to be built into the system itself. I don't pretend that we'll move away form passwords overnight, but this change can and should take place over a three-to-four-year period."

Despite sharp increases in new security threats, Gates claims to be confident about the direction the industry is heading. "Advances in standards make me very optimistic that we'll be able to pull this together, but the move toward digital approaches in everything we do is accelerated," he says. "We're making progress, but it's a very big challenge to make sure security is not the thing that's holding us back."