Microsoft Pushes Back
Microsoft Corp. (Nasdaq: MSFT) is answering an analyst report critizing the security in its new direct push email system for Windows.
Redmond tells Unstrung that its email system already offers security levels sufficient for enterprise users and that it is working on updates.
The rebuttal was sparked by a report issued last week by Jack Gold at J.Gold Associates contending that the way Microsoft sends mobile email could leave data on the device insecure. (See Microsoft's Push Security Problems.)
"There are a lot of things that he missed," says John Starkweather, group product manager for Windows Mobile.
Gold said that data is left unencrypted on the device, which presents a security risk. Starkweather says that there is a good reason for not encrypting data on the device, and that Microsoft has instead built in other safeguards.
"The problem with that is that it's a feature that hardly anybody uses because it slows down the device so much," Starkweather says.
Instead, Microsoft's OS has a feature that wipes out Microsoft data (Outlook and other attachments) if the device is lost or stolen or if the password is entered incorrectly too many times. Redmond has also opened up the API [programming hooks] so that third parties can take advantage of the same feature.
Starkweather also says that the SSL link that Microsoft uses to transmit email data is secure enough for enterprise use. "It's the same connection mechanism that a business would use for a PC," he notes.
In general, Starkweather says that companies have not yet grasped the full importance of securing sensitive data on mobile devices, and that more work needs to be done on user education. "I think that the biggest challenge for the industry is educating users," he says.
The next major round of security updates will come with the next version of Windows Mobile, codenamed "Crossbow," which Starkweather says should be available on handsets in the second half of 2007.
— Dan Jones, Site Editor, Unstrung
Redmond tells Unstrung that its email system already offers security levels sufficient for enterprise users and that it is working on updates.
The rebuttal was sparked by a report issued last week by Jack Gold at J.Gold Associates contending that the way Microsoft sends mobile email could leave data on the device insecure. (See Microsoft's Push Security Problems.)
"There are a lot of things that he missed," says John Starkweather, group product manager for Windows Mobile.
Gold said that data is left unencrypted on the device, which presents a security risk. Starkweather says that there is a good reason for not encrypting data on the device, and that Microsoft has instead built in other safeguards.
"The problem with that is that it's a feature that hardly anybody uses because it slows down the device so much," Starkweather says.
Instead, Microsoft's OS has a feature that wipes out Microsoft data (Outlook and other attachments) if the device is lost or stolen or if the password is entered incorrectly too many times. Redmond has also opened up the API [programming hooks] so that third parties can take advantage of the same feature.
Starkweather also says that the SSL link that Microsoft uses to transmit email data is secure enough for enterprise use. "It's the same connection mechanism that a business would use for a PC," he notes.
In general, Starkweather says that companies have not yet grasped the full importance of securing sensitive data on mobile devices, and that more work needs to be done on user education. "I think that the biggest challenge for the industry is educating users," he says.
The next major round of security updates will come with the next version of Windows Mobile, codenamed "Crossbow," which Starkweather says should be available on handsets in the second half of 2007.
— Dan Jones, Site Editor, Unstrung
frnkblk
12/5/2012 | 3:35:31 AM
re: Microsoft Pushes Back
It's that whole "data in transit" versus "data at rest" categorization. A product, application, or solution that wants to be secure needs to address both.Microsoft took care of one, but ignored the other.
Frank
FEATURED VIDEO
UPCOMING LIVE EVENTS
February 7-9, 2023, Virtual Event
February 15, 2023, Virtual Event
March 15-16, 2023, Embassy Suites, Denver, CO
March 21, 2023, Virtual Event
May 15-17, 2023, Austin, TX
December 6-7, 2023, New York City
UPCOMING WEBINARS
February 2, 2023
DIY Data Center Automation Deep Dive: Challenges and Opportunities for CSPs, Enterprises, and Cloud Providers
February 7, 2023
Optical Networking Digital Symposium - Day 1
February 9, 2023
Optical Networking Digital Symposium - Day 2
February 14, 2023
Achieve Your Growth Potential with Next-Gen Content Delivery
February 15, 2023
Digital Divide Digital Symposium
February 16, 2023
SCTE® LiveLearning for Professionals Webinar™ Series: Getting the Edge on Edge Computing
Webinar Archive
PARTNER PERSPECTIVES - content from our sponsors
How 5G Thrives ASEAN Digital Economy
By Huawei
Capitalizing On 5G Innovation To Deliver Breakthroughs At The Edge
By Kerry Doyle, sponsored by ZTE
All Partner Perspectives
GUEST PERSPECTIVES - curated contributions
Telco vs. Cable: Who comes out on top?
By Cheenu Seshadri, Managing Partner, Three Horizon Advisors
Don't worry about the government?
By Patrick Donegan, Principal Analyst, HardenStance
All Guest Perspectives
By raising this issue, I would hope the next version of WM makes encryption and enhanced security a priority (some times promoting visibility of deficiencies helps get those deficiencies corrected quicklyGǪ. If so, IGÇÖd be the first to congratulate MSFT on a job well done. Honestly, I would expect MSFT to be a leader in security, not a market follower playing catch-up.
Jack Gold
Founder and Principal Analyst
J.Gold Associates
www.jgoldassociates.com