Microsoft can't build the next generation of trusted computer systems on its own, the company's chief research and strategy officer said Tuesday.

Speaking at the RSA Conference, Craig Mundie called for industry dialogue in building a new generation of secure systems, an idea that the company is calling end-to-end trust.

"This end-to-end trust proposal that we've put together is not a product road map, it’s a way of framing the problem," Mundie said. "All of these things that get to the questions of authentication, authorization, access, audit."

Microsoft believes that the technology industry needs to take a more integrated approach to building computer systems that let people establish trust and disclose private information in the same way as in the "real" world. From devices with hardware-based authentication to operating systems and programs that can talk to other programs about their own trustworthiness, to ways of keeping track of where data has been, there are many challenges ahead, Mundie said.

In an earlier keynote address, Art Coviello, executive vice president of EMC's RSA division, said that security systems have a long way to go before they are intuitive. "Existing security technology ... abounds with failures," he said. "Tools that aren't even close to behaving the way that people think."

He called for a "thinking security ecosystem that works across all components of the infrastructure."

Microsoft will need industry cooperation to work out what protocols and formats they'll need to create these end-to-end trust systems, and what kinds of regulations make sense. "We need a lot of work; we can't just do this by ourselves," Mundie said.

The company will also need to prove that it is still relevant, in a world where the most popular applications are increasingly online and where rivals such as Google are looking at how to solve these very same problems.

Microsoft unveiled its end-to-end trust idea during a session conducted as an interview between Mundie and Christopher Leach, senior vice president and chief information security officer at Affiliated Computer Services, a business outsourcing company.

Interoperability is key to make the end-to-end trust idea work, Leach said.

Mundie agreed. "Ultimately we need collaboration with the other people who are building some parts of the products in the system," he said. "People are going to have heterogeneous systems."

The IDG News Service is a Network World affiliate.

Whitepapers

• Advancing the Economics of Networking
• Enterprise Data Center Network Reference Architecture
• Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices
• File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
• Boost Productivity While Cutting Costs with Next-generation Collaboration
• Deploying Virtualized NetWare on Linux Whitepaper

View more SECURITY whitepapers

Webcasts

• PoE Plus: Impact on the PoE Market
• Creating a high performance workplace with wireless networking
• Harnessing the power of communications to increase workplace performance
• Making data centers the IT strategic focus
• Protecting assets and employees with IP Video Surveillance
• Stay out of the headlines: Detecting and preventing network intrusions

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• IP address management in 2008 - six things to know
• The self-managed network

View more SECURITY special reports