Subscribe in a reader
Microsoft's RSA Keynote Conversation: Where's the beef?
Submitted by Mike Rothman on Tue, 2007-02-06 12:14.
Part of me wonders whether Microsoft will ever be able to impress me with a keynote. Last year, I hated it because Bill Gates didn't really say anything. This year, he and Craig Mundie are sitting down and talking to us.
I don't like this either. Let's be clear, this is not Gartner's ITExpo. This format isn't working for me. Maybe I'm jaded by folks like Steve Jobs and John Chambers, who are great performers. Even when they say next to nothing, it feels substantive. Bill Gates is never going to present like Steve Jobs, so I should probably recalibrate my expectations.
I find this kind of boring. Too much set up. It took way too long for them to tell us that they are going to talk about 3 things: Networks, Protection and Identity.
Very little on actual products. No demo. That's very interesting. I think this is a lost opportunity. Microsoft is trying to push the conversation forward, but they aren't balancing that need with show customers what they can do today.
Jeez, I'm very surprised by this. I figured he'd just talk about how great and secure Vista is and talk up Forefront and how security is very important to Microsoft. Not much on that at all. Is this Microsoft?
Security feels like a feature in their view of how the infrastructure shakes out. This is counter-intuitive. When they weren't doing anything, they talked about all these products that were coming (but not for years). Now that they've actually done something, they aren't talking about it. Go figure.
Customers can't wait until 2009 or 2010 for Microsoft to help them out. They talked about evolution (not revolution), but didn't lay out a plan for customers. So that is disappointing.
I do like the fact they are focused on setting the agenda, but there is no meat behind the story. It's not clear whether it's chicken, fish, beef or lamb. I don't know how this is going to look, and I probably won't know for 2 or 3 years. I'm an impatient guy and you probably are too.
WHERE'S THE BEEF?!?!?!?
Below are my raw notes and thoughts tapped out during the presentation, check them out if stream of consciousness is interesting.
At first they are focusing on the network, something near and dear to my heart. It needs to evolve. Right on. No one is going to rip and replace (except maybe for a greenfield location). The slide talks about a "trusted zone" and an "untrusted zone." IPSec is the technology they'll use. Seems very 2004 to me, especially since Microsoft themselves announced a new SSL VPN product last week.
"Policy, not topology." Hmmm. That's interesting, especially given mobility and the fact that most companies can't assume they control the networks that their users will connect over. Mundie now talks about Microsoft's own internal challenges. They are a big, global company. How are they eating their own dog food?
They use IPv6, IPSec, and store everything in Active Directory. Individual policies based on USER, not where the user is. Given that Microsoft controls most of the users out there, it's pretty logical that they would be looking at building an overlay. Allows them to poke Cisco in the eye - marginalize the network in the enforcement of security.
Now Gates starts talking about "health checks." They are talking about NAC (or what they call NAP). They spoke about NAP last year. What's new? Nothing, except that it's again a USER-centric model, which makes sense for Microsoft. But this requires Longhorn Server. Chalk it up for 2008, maybe.
Using their own environment as a case study to make the points is pretty effective.
Now he's talking about applying a default deny approach for information access. Don't let folks just get to anything once they connect to the network. Network Access Control (as opposed to pre-admission control), that's novel, eh? I wonder if that will show up as a default with Longhorn. That would be a lot of long term gain, but significant short term pain.
They are moving to talking about "protection." Which is basically information security. Hmm. Their architecture aligns pretty closely with the Pragmatic Security Architecture that I wrote about this time last year. Coincidence? Yep, pretty much.
Securing data at rest and motion. How? Rights management. Arghhh. The world is not ubiquitously Microsoft, so how does their flavor of rights management help me with that? Applications are also part of the equation. NSS (No Shit Sherlock). They "trust" the program and application? I don't buy it. Applications can be broken, trojans and rootkits installed at the hardware level to complicate things. I don't know I trust it.
Now "identity," which is the biggest issue. Again Gates is railing on passwords. Didn't he do that last year? Did they make any progress in deploying smart cards (and certificates). This is a broken record. Passwords are not dead. Not by a long shot.
Microsoft's directory is the key to their identity strategy. Managing certificates. This is a load of hogwash. Passwords aren't the problem. CardSpace is kind of interesting. Not enough to get me to upgrade to Vista right now, but I do look forward to kicking the tires on that.
They are announcing support of OpenID 2.0 within CardSpace. That's the only product announcement they are talking about. Again, I think this is a lost opportunity.
They are wrapping up with a discussion on interoperability. But it's not with other OS or other ecosystem players, it's about drivers that plug into the PC's. Actually it's not. Heterogenous to them seems to mean Windows everywhere, but on different computers.
Big partner slide. Hundreds of little logos. Like someone wouldn't get involved in Microsoft's partner program.
This will be Bill's last appearance at RSA, since he's got a lot of money to give away. Passing the torch to Mundie. At least he combs his hair.
I don't like this either. Let's be clear, this is not Gartner's ITExpo. This format isn't working for me. Maybe I'm jaded by folks like Steve Jobs and John Chambers, who are great performers. Even when they say next to nothing, it feels substantive. Bill Gates is never going to present like Steve Jobs, so I should probably recalibrate my expectations.
I find this kind of boring. Too much set up. It took way too long for them to tell us that they are going to talk about 3 things: Networks, Protection and Identity.
Very little on actual products. No demo. That's very interesting. I think this is a lost opportunity. Microsoft is trying to push the conversation forward, but they aren't balancing that need with show customers what they can do today.
Jeez, I'm very surprised by this. I figured he'd just talk about how great and secure Vista is and talk up Forefront and how security is very important to Microsoft. Not much on that at all. Is this Microsoft?
Security feels like a feature in their view of how the infrastructure shakes out. This is counter-intuitive. When they weren't doing anything, they talked about all these products that were coming (but not for years). Now that they've actually done something, they aren't talking about it. Go figure.
Customers can't wait until 2009 or 2010 for Microsoft to help them out. They talked about evolution (not revolution), but didn't lay out a plan for customers. So that is disappointing.
I do like the fact they are focused on setting the agenda, but there is no meat behind the story. It's not clear whether it's chicken, fish, beef or lamb. I don't know how this is going to look, and I probably won't know for 2 or 3 years. I'm an impatient guy and you probably are too.
WHERE'S THE BEEF?!?!?!?
Below are my raw notes and thoughts tapped out during the presentation, check them out if stream of consciousness is interesting.
At first they are focusing on the network, something near and dear to my heart. It needs to evolve. Right on. No one is going to rip and replace (except maybe for a greenfield location). The slide talks about a "trusted zone" and an "untrusted zone." IPSec is the technology they'll use. Seems very 2004 to me, especially since Microsoft themselves announced a new SSL VPN product last week.
"Policy, not topology." Hmmm. That's interesting, especially given mobility and the fact that most companies can't assume they control the networks that their users will connect over. Mundie now talks about Microsoft's own internal challenges. They are a big, global company. How are they eating their own dog food?
They use IPv6, IPSec, and store everything in Active Directory. Individual policies based on USER, not where the user is. Given that Microsoft controls most of the users out there, it's pretty logical that they would be looking at building an overlay. Allows them to poke Cisco in the eye - marginalize the network in the enforcement of security.
Now Gates starts talking about "health checks." They are talking about NAC (or what they call NAP). They spoke about NAP last year. What's new? Nothing, except that it's again a USER-centric model, which makes sense for Microsoft. But this requires Longhorn Server. Chalk it up for 2008, maybe.
Using their own environment as a case study to make the points is pretty effective.
Now he's talking about applying a default deny approach for information access. Don't let folks just get to anything once they connect to the network. Network Access Control (as opposed to pre-admission control), that's novel, eh? I wonder if that will show up as a default with Longhorn. That would be a lot of long term gain, but significant short term pain.
They are moving to talking about "protection." Which is basically information security. Hmm. Their architecture aligns pretty closely with the Pragmatic Security Architecture that I wrote about this time last year. Coincidence? Yep, pretty much.
Securing data at rest and motion. How? Rights management. Arghhh. The world is not ubiquitously Microsoft, so how does their flavor of rights management help me with that? Applications are also part of the equation. NSS (No Shit Sherlock). They "trust" the program and application? I don't buy it. Applications can be broken, trojans and rootkits installed at the hardware level to complicate things. I don't know I trust it.
Now "identity," which is the biggest issue. Again Gates is railing on passwords. Didn't he do that last year? Did they make any progress in deploying smart cards (and certificates). This is a broken record. Passwords are not dead. Not by a long shot.
Microsoft's directory is the key to their identity strategy. Managing certificates. This is a load of hogwash. Passwords aren't the problem. CardSpace is kind of interesting. Not enough to get me to upgrade to Vista right now, but I do look forward to kicking the tires on that.
They are announcing support of OpenID 2.0 within CardSpace. That's the only product announcement they are talking about. Again, I think this is a lost opportunity.
They are wrapping up with a discussion on interoperability. But it's not with other OS or other ecosystem players, it's about drivers that plug into the PC's. Actually it's not. Heterogenous to them seems to mean Windows everywhere, but on different computers.
Big partner slide. Hundreds of little logos. Like someone wouldn't get involved in Microsoft's partner program.
This will be Bill's last appearance at RSA, since he's got a lot of money to give away. Passing the torch to Mundie. At least he combs his hair.
Recent comments
1 week 2 days ago
3 weeks 3 days ago
3 weeks 3 days ago
3 weeks 4 days ago
3 weeks 4 days ago
3 weeks 4 days ago
4 weeks 4 days ago
10 weeks 3 days ago
11 weeks 20 hours ago
16 weeks 2 days ago