A majority of leading information technology security experts say the security of Microsoft products remains a top concern, but also credit the vendor for its efforts, according to a report released by Forrester Research.
For the report, “Can Microsoft Be Secure?”, Forrester surveyed 35 IT security professionals at companies with at least $US1 billion in annual revenue. Respondents were asked their impressions of Microsoft’s products.
Seventy-seven per cent of those surveyed experienced Windows security problems in the last year. They said security is their “top concern” when deploying Windows applications, according to Forrester.
But that concern didn’t stop them from deploying critical applications on Microsoft’s platforms. Eighty-nine per cent of the IT administrators surveyed said they run sensitive applications such as financial transaction and medical records systems that rely on the Windows operating system, Forrester said.
While the security shortcomings of Microsoft’s products are frequently in the headlines, the software giant deserves more credit than it gets for its ongoing efforts to improve product security, according to Laura Koetzle, a senior analyst at Forrester.
Microsoft’s move to provide plug-ins that can detect bugs in code for Windows applications as they are being developed and its effort to educate its own developers about secure software coding practices are just two positive changes on the security front, according to Koetzle.
“Obviously nobody ever achieves perfect security, but Microsoft is doing a better job now and striving to do a better job in the future,” Koetzle said.
The company still has room for improvement, however.
Microsoft must improve its patch management processes, Koetzle said. Releasing easy-to-use tools that help users securely deploy Microsoft’s server and database software or lock down its Windows operating system would also go a long way toward making its products more secure, she said.
However, other parties have a role to play in achieving the goal of better IT security, according to the Forrester report.
IT managers must standardise Windows server configurations to make it easier to test new patches. Then, they should use patch management technology to deploy those patches faster and with more consistency, Koetzle said.
In addition, other software developers should work more closely with Microsoft, Koetzle suggested. Third-party companies need to keep up to date on critical Microsoft patches that affect other vendors’ applications, and certify their products for those patches promptly, she said.