Sign In Register
5G
The Edge
Open RAN
Private Networks
Cloud Native/NFV
Security
AI/Automation
Cable/Video
DOCSIS CCAP Cable Business Services 10G The Bauminator
IoT
OSS/BSS
SD-WAN
Optical/IP
FTTX DCI Routing Any Haul/X-Haul
Test & Measurement
Services
4G/3G/WiFi
6G
Regions
Asia Africa Europe India Middle East
Industry Show News
Mobile World Congress Big 5G Event
Events
Cable Next-Gen Digital SymposiumDistributing/Processing Next-Gen Streaming Video5G Ecosystem Digital SymposiumGlobal Telecoms Awards
Events Archives
Big 5G EventCable Next Gen-Technologies & StrategiesLeading Lights Awards
Webinars
Upcoming Webinars Archived Webinars 5G Webinars Live Learning Webinars
White Papers
Tech Centers
Future Vision Tech Center
Market Leader Programs
Internet for the Future
Communities
The 5G Exchange LR Asia Broadband World News Connecting Africa Telecoms.com Women In Comms
Light Reading Video
Telecom Innovators Showcase
Light Reading Audio
Light Reading Podcast Executive Spotlight Q&A
News & Views Events Leading Lights Awards About Us Advertise With Us Newsletter Signup
x
Newsletter Signup Sign In Register

Microsoft Pushes Back

LR Mobile News Analysis Dan Jones, Mobile Editor 11/7/2006
Comment (2)
Microsoft Corp. (Nasdaq: MSFT) is answering an analyst report critizing the security in its new direct push email system for Windows.

Redmond tells Unstrung that its email system already offers security levels sufficient for enterprise users and that it is working on updates.

The rebuttal was sparked by a report issued last week by Jack Gold at J.Gold Associates contending that the way Microsoft sends mobile email could leave data on the device insecure. (See Microsoft's Push Security Problems.)

"There are a lot of things that he missed," says John Starkweather, group product manager for Windows Mobile.

Gold said that data is left unencrypted on the device, which presents a security risk. Starkweather says that there is a good reason for not encrypting data on the device, and that Microsoft has instead built in other safeguards.

"The problem with that is that it's a feature that hardly anybody uses because it slows down the device so much," Starkweather says.

Instead, Microsoft's OS has a feature that wipes out Microsoft data (Outlook and other attachments) if the device is lost or stolen or if the password is entered incorrectly too many times. Redmond has also opened up the API [programming hooks] so that third parties can take advantage of the same feature.

Starkweather also says that the SSL link that Microsoft uses to transmit email data is secure enough for enterprise use. "It's the same connection mechanism that a business would use for a PC," he notes.

In general, Starkweather says that companies have not yet grasped the full importance of securing sensitive data on mobile devices, and that more work needs to be done on user education. "I think that the biggest challenge for the industry is educating users," he says.

The next major round of security updates will come with the next version of Windows Mobile, codenamed "Crossbow," which Starkweather says should be available on handsets in the second half of 2007.

— Dan Jones, Site Editor, Unstrung

Related Stories
COMMENTS
Newest First | Oldest First | Threaded View
Add Comment
jackgold 12/5/2012 | 3:35:32 AM
re: Microsoft Pushes Back First, we did say in the report that the SSL link was secure and good enough for virtually all users and we had no problem with that. Second, while encryption/decryption does slow things down GÇô the fact is that with all the horsepower now on smart phones (300MHz-600MHz processors, lots of memory), this is a trivial issue (unless the device is brain dead, which most current devices are not, and WM ONLY runs on current high powered devices). Both Blackberry and Good provide data encryption capability and their users donGÇÖt seem to be complaining about the delays on the BBs or Treos. Third, while device kill is important and MSFT began supporting this in the last update, it is not sufficient in our opinion (BTW, the other vendors have had device kill for quite some time). It is quite possible that a device could be lost for hours, days or even longer before anyone discovers it is missing and the kill message is sent, giving anyone finding it a chance to pick it up and recover data. And, the current system does not force users to deploy password protection, unless that policy is specifically set by the company policy manager, which may or may not happen (the kill function also has to be specifically set up as a policy) GÇô but in fairness, the same is true on Blackberry and Good as well. Finally, we do agree with John Starkweather's comments on the fact that most companies and users do not have a good handle on what is needed for adequate levels of mobile security, and that it is the interest of everyone GÇô analysts, vendors, publications, and especially enterprises GÇô to raise that level of awareness. But saying we donGÇÖt have it so they donGÇÖt need it is not the answer. Ask a government agency and see if they need encrypted data on a device (or health care providers, or financial institutions). These guys are all looking for FIPS certification. Can MSFT get FIPS certified with their current design?

By raising this issue, I would hope the next version of WM makes encryption and enhanced security a priority (some times promoting visibility of deficiencies helps get those deficiencies corrected quicklyGǪ. If so, IGÇÖd be the first to congratulate MSFT on a job well done. Honestly, I would expect MSFT to be a leader in security, not a market follower playing catch-up.

Jack Gold
Founder and Principal Analyst
J.Gold Associates
www.jgoldassociates.com
Reply | Post Message | MESSAGES LIST | START A BOARD
frnkblk 12/5/2012 | 3:35:31 AM
re: Microsoft Pushes Back It's that whole "data in transit" versus "data at rest" categorization. A product, application, or solution that wants to be secure needs to address both.

Microsoft took care of one, but ignored the other.

Frank
Reply | Post Message | MESSAGES LIST | START A BOARD
FEATURED VIDEO
UPCOMING LIVE EVENTS
Cable Next-Gen Digital Symposium
October 6-10, 2020, Two Day Digital Symposium
Distributing/Processing Next-Gen Streaming Video
October 15, 2020, Online Seminar
5G Ecosystem Digital Symposium
October 19-21, 2020, Two Day Digital Symposium
Global Telecoms Awards
November 6, 2020, London, UK
All Upcoming Live Events
UPCOMING WEBINARS
September 29, 2020 Open vRAN Promises to Change the Mobile Access Network From Procurement to Performance
September 29, 2020 Turning Disparate Data Into a Market Growth Opportunity
September 30, 2020 Rewriting the FTTx playbook with Open and Disaggregated approach
September 30, 2020 IoT Innovation to Provide Social Good in Pandemic
October 1, 2020 Extracting the business value from cloud transformation – myths and realities of value generation
October 6, 2020 Cable Next-Gen Symposium Day One
October 7, 2020 Edge Computing in Telco Networks: Gaining the Competitive Edge
October 8, 2020 Cable Next-Gen Symposium Day Two
October 8, 2020 5G Core Security: Assessing Commercial Readiness
October 12, 2020 The 5G Platform – Using the Value Plane to Bridge Business and Network Empowering Next-Generation Monetization
October 13, 2020 The state of SRv6
October 15, 2020 Distributing/Processing Next-Gen Streaming Video
October 22, 2020 SCTE•ISBE Live Learning Webinar Series: Virtualizing the Cable Access Network
November 19, 2020 SCTE•ISBE Live Learning Webinar Series: Testing the Next-Gen Cable Network
December 10, 2020 SCTE•ISBE Live Learning Webinar Series: Dreaming of Streaming Video
Webinar Archive
PARTNER PERSPECTIVES - content from our sponsors
COVID-19: The Lasting Impacts on Telecom By Huawei
Security assurance is essential in a 5G world By ZTE
AUTIN, Contactless Intelligent Operations By Huawei
'Five Uninterrupted Support' for Remote Network Assurance By Huawei
Wi-Fi 6 and 5G: Better Together By Cisco Systems
All Partner Perspectives
GUEST PERSPECTIVES - curated contributions
Is the COVID-19 pandemic a catalyst for the fourth industrial revolution? By Javier Ger, Telecom Argentina & Claudio Saes, Bell Labs Consulting
All Guest Perspectives
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE