Software // Enterprise Applications
02:47 PM
Connect Directly
Repost This

Microsoft Releases Security Guide For Office Apps

The guide is a set of documents and software to help organizations secure one of the world's most popular set of applications.

At the TechEd IT Forum in Barcelona, Spain, on Tuesday, Microsoft introduced its 2007 Microsoft Office Security Guide, a set of documents and software to help organizations secure one of the world's most popular set of applications.

"We're seen the migration of attacks move from the operating system to the application layer," said Joshua Edwards, technical product manager for Microsoft Office, in an interview. "Historically, that has been a challenge for many organizations."

To meet that challenge, Microsoft has been working for months with government and industry customers to come up with realistic ways to make Microsoft Office as secure as possible.

"This is the first time that similar guidance and similar tools have been available for customers to manage the security settings in Office 2007," said Edwards. "In the past, the controls didn't exist to modify this through group policy."

The Microsoft Office Security Guide includes information and software to help defend Access 2007, Excel 2007, InfoPath 2007, Outlook 2007, PowerPoint 2007, and Word 2007, running on either Windows Vista or Windows XP SP2, against attack and to further the enforcement of corporate IT policy.

It includes: a Security Guide that describes recommended security settings for Office applications in an Enterprise Client (EC) environment, suitable for most companies, and in a Specialized Security -- Limited Functionality (SSLF) environment, for organizations where security is paramount, like the military; a Threats and Countermeasures reference that explores security settings for each Office application in detail; a Security Settings spreadsheet for easy reference; and GPOAccelerator software, which helps administrators deploy security settings across their organization.

SSLF environments might, for example, prevent Office applications from calling out across the Internet for clip art or help files, Edwards explained. "From a privacy standpoint, my desktop applications are not phoning out to the Internet," he said.

The downside is the "limited functionality" part of the bargain. But given the nature of cyber threats today, perhaps it's arguable that less is more when it comes to application features.

As Edwards sees it, there's value in helping customers help themselves. "[The Microsoft Office Security Guide] provides a lot of real-world guidance that doesn't have to be extensively tested by the customer," he said.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.