Soft strategy: a Microsoft perspective

Eric Rudder, Microsoft's senior vice president for technical strategy, recently visited the region to launch Windows Server 2008. ACN caught up with him to talk long-term strategy, and what Microsoft needs to do about security.

  • E-Mail
By  Eliot Beer Published  August 23, 2008

But if you look at the power that just simple analysis can have - I hear lots of stories about business analysis where you talk to a customer and they talk about one business insight they had through analysis - one product price change they were able to make, or one bundling they were able to achieve - that pays for the investment 20 times over. These stories are real.

I think these are all good long-term trends in IT that we're starting to talk about now.

Microsoft receives a lot of criticism regarding the security of its OS - how much responsibility should vendors assume when it comes to helping clients secure their systems?

I think we have a lot of the responsibility - I think some of the good news is that we've been at this now, in terms of top-of-the-line consciousness, for six years, going on seven. It really has created a mindset.

Secure by design? Definitely our responsibility. Secure by default? Definitely our responsibility. Secure in operation - we share that responsibility with customers.

In terms of building better products, designing better systems and building better reporting and training our partners in the ecosystem - and training other ISVs - our role as an industry leader really demands that we work together with our customers and partners.

The responsibility is there - we gladly accept it; being as popular a platform as we are, we have to accept it.

Does the way developers - including Microsoft - look at security have to change, now that defeating security has become not just a hobby, but a business?

People realise how important security is, I'll say that. It's a real responsibility that businesses have in terms of not just their data, but their customers' data - I think people are sensitive to that.

I think part of it is building security products, and so the investments we're making in product lines such as Forefront is clearly important - but it's more than a trend, it's just what a responsible business does.

It's no different than if you ran a business with no computers and just kept your customers' data written down on a piece of paper - that data should not be shared with people who should not see it.

How can technologies become relevant to organisations in regions such as the Middle East that see no need for them or are not confident of being able to deploy them?

I think it's true of this region - I think it's true of many regions - that you'll have a spectrum of adoption on the graph. Part of it is in terms of peer readiness training - working with customers, with partners, to make sure they have the technical skills and capacity to take advantage of the new technology. If you look at our investment in the region, a large part of our investment goes towards making sure the ecosystem is ready.

When new technologies come along, I think we can also be more prescriptive about how to deploy them in specific scenarios where the payback is well understood - honestly, one of the best things we do is share case studies of customers that are in the region or sector, those case histories of success.

If you look at CIOs, when they get together and one of them recommends something, that carries a lot more weight. Enabling early adopters and sharing that case information will help folks.

Things like virtualisation, that's one where, ironically, even though you may be leading edge in adopting the technology of virtualisation, you're actually lowering your overall IT risk. Because you can leave older applications and systems technology in place, you don't have to "risk" the upgrade. While you may be embracing new virtualisation technology, your overall IT risk is going down.

I think that's true for other areas besides virtualisation, such as security - you may have to learn a new security product or set of operational policies, but the risk of not securing your infrastructure using the latest technology available seems to be a greater operational risk.

Educating folks on the fact that you can adopt new technology in a way that doesn't need to risk your business, you can adopt new technology in a way that doesn't have to be all or nothing - this will be quite helpful for folks as well.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code