Sign In Register
5G
6G
The Core
The Edge
Open RAN
Private Networks
The Cloud
Security
AI/Automation
Cable Tech
DOCSIS CCAP Cable Business Services 10G The Bauminator
IoT
OSS/BSS/CX
SD-WAN
Optical/IP
FTTX DCI Routing Any Haul/X-Haul
Test & Measurement
Services
4G/3G/WiFi
Satellite
Video/Media
Regions
Asia Africa Europe India Middle East
Industry Show News
Mobile World Congress Big 5G Event
Events
Cable Next-Gen Europe Digital Symposium
Events Archives
Digital Event Archives Asia Tech 2021 Digital Symposium 5G Orchestration & Service Assurance Digital Symposium Optical Networking Digital Symposium
Webinars
Upcoming Webinars Archived Webinars 5G Webinars Live Learning Webinars
White Papers
Tech Centers
Future Vision Tech Center
Market Leader Programs
Internet for the Future
Communities
The 5G Exchange LR Asia Broadband World News Connecting Africa Telecoms.com Women In Comms
Light Reading Video
Telecom Innovators Showcase
Light Reading Audio
Light Reading Podcast Executive Spotlight Q&A
News & Views Events Leading Lights Awards About Us Advertise With Us Newsletter Signup
x
Newsletter Signup Sign In Register

Microsoft Pushes Back

LR Mobile News Analysis Dan Jones, Mobile Editor 11/7/2006
Comment (2)
Microsoft Corp. (Nasdaq: MSFT) is answering an analyst report critizing the security in its new direct push email system for Windows.

Redmond tells Unstrung that its email system already offers security levels sufficient for enterprise users and that it is working on updates.

The rebuttal was sparked by a report issued last week by Jack Gold at J.Gold Associates contending that the way Microsoft sends mobile email could leave data on the device insecure. (See Microsoft's Push Security Problems.)

"There are a lot of things that he missed," says John Starkweather, group product manager for Windows Mobile.

Gold said that data is left unencrypted on the device, which presents a security risk. Starkweather says that there is a good reason for not encrypting data on the device, and that Microsoft has instead built in other safeguards.

"The problem with that is that it's a feature that hardly anybody uses because it slows down the device so much," Starkweather says.

Instead, Microsoft's OS has a feature that wipes out Microsoft data (Outlook and other attachments) if the device is lost or stolen or if the password is entered incorrectly too many times. Redmond has also opened up the API [programming hooks] so that third parties can take advantage of the same feature.

Starkweather also says that the SSL link that Microsoft uses to transmit email data is secure enough for enterprise use. "It's the same connection mechanism that a business would use for a PC," he notes.

In general, Starkweather says that companies have not yet grasped the full importance of securing sensitive data on mobile devices, and that more work needs to be done on user education. "I think that the biggest challenge for the industry is educating users," he says.

The next major round of security updates will come with the next version of Windows Mobile, codenamed "Crossbow," which Starkweather says should be available on handsets in the second half of 2007.

— Dan Jones, Site Editor, Unstrung

Related Stories
COMMENTS
Newest First | Oldest First | Threaded View
Add Comment
jackgold 12/5/2012 | 3:35:32 AM
re: Microsoft Pushes Back First, we did say in the report that the SSL link was secure and good enough for virtually all users and we had no problem with that. Second, while encryption/decryption does slow things down GÇô the fact is that with all the horsepower now on smart phones (300MHz-600MHz processors, lots of memory), this is a trivial issue (unless the device is brain dead, which most current devices are not, and WM ONLY runs on current high powered devices). Both Blackberry and Good provide data encryption capability and their users donGÇÖt seem to be complaining about the delays on the BBs or Treos. Third, while device kill is important and MSFT began supporting this in the last update, it is not sufficient in our opinion (BTW, the other vendors have had device kill for quite some time). It is quite possible that a device could be lost for hours, days or even longer before anyone discovers it is missing and the kill message is sent, giving anyone finding it a chance to pick it up and recover data. And, the current system does not force users to deploy password protection, unless that policy is specifically set by the company policy manager, which may or may not happen (the kill function also has to be specifically set up as a policy) GÇô but in fairness, the same is true on Blackberry and Good as well. Finally, we do agree with John Starkweather's comments on the fact that most companies and users do not have a good handle on what is needed for adequate levels of mobile security, and that it is the interest of everyone GÇô analysts, vendors, publications, and especially enterprises GÇô to raise that level of awareness. But saying we donGÇÖt have it so they donGÇÖt need it is not the answer. Ask a government agency and see if they need encrypted data on a device (or health care providers, or financial institutions). These guys are all looking for FIPS certification. Can MSFT get FIPS certified with their current design?

By raising this issue, I would hope the next version of WM makes encryption and enhanced security a priority (some times promoting visibility of deficiencies helps get those deficiencies corrected quicklyGǪ. If so, IGÇÖd be the first to congratulate MSFT on a job well done. Honestly, I would expect MSFT to be a leader in security, not a market follower playing catch-up.

Jack Gold
Founder and Principal Analyst
J.Gold Associates
www.jgoldassociates.com
Reply | Post Message | MESSAGES LIST | START A BOARD
frnkblk 12/5/2012 | 3:35:31 AM
re: Microsoft Pushes Back It's that whole "data in transit" versus "data at rest" categorization. A product, application, or solution that wants to be secure needs to address both.

Microsoft took care of one, but ignored the other.

Frank
Reply | Post Message | MESSAGES LIST | START A BOARD
FEATURED VIDEO
UPCOMING LIVE EVENTS
Cable Next-Gen Europe Digital Symposium
June 22-24, 2021, Digital Symposium
All Upcoming Live Events
UPCOMING WEBINARS
June 29, 2021 How to Future-Proof Your Fiber Offering
June 30, 2021 5G Standalone: Why, How, and How Fast?
July 15, 2021 The Race to MEC-anize the Mobile Network
July 15, 2021 SCTE Live Learning Webinar™ Series: 10G or Bust: HFC & the Future Access Network
July 20, 2021 Taking Streaming Video to the Next Level: Dealing With Dueling Devices
July 21, 2021 How Low-Latency DOCSIS Can Be a Game-Changer
July 22, 2021 The Journey to Virtualized RAN – Insights 2021
Webinar Archive
PARTNER PERSPECTIVES - content from our sponsors
5G Empowers Smart Healthcare to Fight COVID-19 By Huawei
China Mobile Beijing Deploys Huawei's 5G Indoor Distributed Massive MIMO By Huawei
Indoor Distributed Massive MIMO Brings High-Speed Access to Vanke Mall in Anhui By Huawei
Huawei Intelligent Cloud-Networks: A Practical Guide to the Transformation of DICT Services By Huawei
Broadband Forum's CloudCO Is Ready to Usher in the SDAN Era By Tim Carey, Lead Technology Strategist, Nokia & Broadband Forum Fellow
All Partner Perspectives
GUEST PERSPECTIVES - curated contributions
The folly of attempting to future-proof broadband By
Will service providers achieve the desired outcomes of digital transformation? By Terry Young, Director of 5G and Service Provider Solutions, A10 Networks
All Guest Perspectives
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE