Software, service converge at Microsoft CIO summit

The evolution of software and online service components may be blurring in the eyes of those who use and manage computer systems. But it couldn't be clearer for Microsoft CEO Steve Ballmer. 'This is a world not of software or service, but of software and service,' he told an audience of nearly 500 public sector CIOs attending a Microsoft-sponsored forum in Redmond, Wash., last week.

'The next big deal' transforming software development ' and driving Microsoft's strategy ' 'is software not as something handed off to consumers or to the enterprise, but served up by technology,' Ballmer said. 'It will be a world in which you don't think of managing rich clients,' but rather one where technology will do the heavy lifting, managing e-mail for instance, regardless of what device is used to access it, or what network is used to deliver it.

Ballmer and a procession of Microsoft specialists and successful public sector IT customers, pointed to the new capabilities of Vista and Office 2007, including Windows Live, Office Live and SharePoint, which recently reached 85 million in seats sold, as examples of how the software-plus-subscription services are unfolding.

Then there are the '250 million PCs that have upgraded to the Windows XP Service Pack,' said Tim O'Brien, Microsoft's director of platform strategy, during a breakout session. 'That's 180 megabytes of code. It's like getting a total upgrade' managed by software subscription technologies, he said.

Software as a service has gotten a lot of attention, O'Brien said, but 'service is essentially software,' he said. Not everyone appreciates 'the Web guys are putting big code on your machine,' he said. Google Earth, eBay's application to transact auctions and iTunes all involve putting a client on your PC, he said. Packaged software still gives a customization and a richness that you can't do in a service model, he argued.

It also stands a much better chance now of being secure, said Scott Charney, Microsoft's vice president for Trustworthy Computing. Charney, who served as chief of the Computer Crime and Intellectual Property Section (CCIPS) at the Justice Department, and now leads the Security Strategies and Network Security Groups at Microsoft, highlighted Microsoft's efforts in recent years to build security 'by design and by default' with layered defenses into Microsoft's products.

'We had 8,500 developers stand down and get trained in security to do a security push' ' to build threat models, document breaches, do human and automated code reviews and conduct internal, cross-group and third-party penetration attacks, he said.

One of the many security issues Microsoft has sought to rectify is user account control. Windows NT, Windows 2000 and Windows XP all allow different users to be assigned different privileges, such as the right to create a new account, install software or run other administrative tasks. But '98 percent of folks are the administrators of their own machines,' said Shanen Boettcher, general manager of Windows Client, who also spoke at the summit. That leaves the PC administration door wide open to stealth programs that install themselves unbeknownst to users clicking through Web page links.

Much tighter privilege controls, a new virtualization buffer to quarantine renegade programs and other layered defense tools built into Windows Vista will help to mitigate against the kinds of breaches prior versions of Windows ' with their need to be backward-compatible ' had a hard time defending against. Microsoft is also rolling out BitLocker Drive Encryption, which prevents someone from accessing a computer's hard disk with a different operating system to bypass file permissions.

Microsoft is also shipping software now set for security by default, said Charney. 'Most people don't use every feature. So we decided to ship features turned off by default,' he said. 'People buy technology not for security but to get things done. Turning things off makes that hard. But you also need to ease overhead costs, to help automate the process with a configuration wizard,' Charney acknowledged. 'In the consumer space, we can do automatic patch updates. But it's harder in enterprise space.'

The two-day symposium, which featured GSA administrator Lurita Doan as a keynote speaker, also touched on the growing role of geospatial solutions for disaster recovery, collaboration tools and customer relations management software.

About the Author

Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.

inside gcn

  • smart city (jamesteohart/Shutterstock.com)

    Toolkit for building a smart city plan

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group