The Air Force's CIO wants to see its largest supplier--and other vendors--make greater inroads on the security front.
As if Microsoft didn't have enough trouble with the government. Now an Air Force CIO is taking the vendor--and its competitors, too--to task, saying they need to step up their efforts to establish improved security standards.
Coding errors in commercially developed software account for roughly 80% of successful system intrusions, says Air Force CIO John Gilligan. And hacks today may be aimed at causing more than bottom-line damage. "This is no longer an economic issue. This is clearly a national security issue," Gilligan says.
The cost and energy the Air Force is expending on dealing with coding flaws that are found almost every day, and which could create opportunities for hackers, is taking its toll. It's "rising very fast--approaching the point where we're spending more money to find, patch, and fix vulnerabilities than we paid for the software," he says.
Microsoft doesn't necessarily have worse design problems than other vendors the Air Force buys products from, such as Cisco Systems and Oracle, but it's the largest IT supplier for the Air Force. So "they have the opportunity to show leadership in the industry," Gilligan says. Microsoft has helped set the right tone with Bill Gates' internal memo advocating "trustworthy computing, but the key will be, what's the follow through?"
Gilligan wants other IT industry leaders to take a proactive role, too; he says he'd rather avoid having the government get involved in security standards. The government "recognizes it's not efficient in this arena," he says. "We could develop standards, but it would take us longer and it might not match well with what's reasonable for industry."
Gilligan met last fall with Microsoft's Rick Belluzzo and Howard Schmidt (now vice chairman of the federal Critical Infrastructure Protection Board) to discuss mounting security problems. The Air Force has instituted more rapid processes for patching, but it's no easy task to manage 400,000 desktops running Microsoft software. "We're not leaving Microsoft in a week or six months," says Gilligan. But if the company doesn't improve, the Air Force, with roughly a $6 billion IT budget, will weigh other software options. "Even though Microsoft may have good functionality in products and the purchase price may be reasonable, the overall life-cycle cost and vulnerability may cause us to look at other products."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.