The Air Force's CIO wants to see its largest supplier--and other vendors--make greater inroads on the security front.
As if Microsoft didn't have enough trouble with the government. Now an Air Force CIO is taking the vendor--and its competitors, too--to task, saying they need to step up their efforts to establish improved security standards.
Coding errors in commercially developed software account for roughly 80% of successful system intrusions, says Air Force CIO John Gilligan. And hacks today may be aimed at causing more than bottom-line damage. "This is no longer an economic issue. This is clearly a national security issue," Gilligan says.
The cost and energy the Air Force is expending on dealing with coding flaws that are found almost every day, and which could create opportunities for hackers, is taking its toll. It's "rising very fast--approaching the point where we're spending more money to find, patch, and fix vulnerabilities than we paid for the software," he says.
Microsoft doesn't necessarily have worse design problems than other vendors the Air Force buys products from, such as Cisco Systems and Oracle, but it's the largest IT supplier for the Air Force. So "they have the opportunity to show leadership in the industry," Gilligan says. Microsoft has helped set the right tone with Bill Gates' internal memo advocating "trustworthy computing, but the key will be, what's the follow through?"
Gilligan wants other IT industry leaders to take a proactive role, too; he says he'd rather avoid having the government get involved in security standards. The government "recognizes it's not efficient in this arena," he says. "We could develop standards, but it would take us longer and it might not match well with what's reasonable for industry."
Gilligan met last fall with Microsoft's Rick Belluzzo and Howard Schmidt (now vice chairman of the federal Critical Infrastructure Protection Board) to discuss mounting security problems. The Air Force has instituted more rapid processes for patching, but it's no easy task to manage 400,000 desktops running Microsoft software. "We're not leaving Microsoft in a week or six months," says Gilligan. But if the company doesn't improve, the Air Force, with roughly a $6 billion IT budget, will weigh other software options. "Even though Microsoft may have good functionality in products and the purchase price may be reasonable, the overall life-cycle cost and vulnerability may cause us to look at other products."
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.