Microsoft kills off its Trustworthy Computing Group

Microsoft’s Trustworthy Computing Group is headed for the axe, and its responsibilities will be taken over either by the company’s Cloud & Enterprise Division or its Legal & Corporate Affairs group.

The disbandment of this highly regarded company initiative has yet to be announced publicly by the company, and the group’s website doesn’t sport any notice, but according to Geekwire’s Todd Bishop, the decision has been made.

The change is, ostensibly, due to a decision to try to integrate the Trustworthy Computing work into Microsoft’s engineering teams, and it’s part of the reorganization efforts the company has been doing in the wake of the latest round of layoffs they planned for this year. According to a company spokesman, an unspecified number of jobs from the group will be cut.

“For years the TwC group at Microsoft played an important role in the security industry. You don’t have to agree what they advocated to agree that its presence mattered,” Paco Hope, Principal Consultant at Cigital, commented the news.

“They helped foster conversation about some really hard security topics. Microsoft’s disbanding of the group represents a punctuation mark in the industry’s decades-long conversation around trusted computing as a concept. The security center of gravity is moving away from enterprise desktops to cloud and mobile and ‘things’, so it makes sense for this security leadership role to shift as well.”

“Shutting down a security and privacy initiative is never a good thing, especially not when talking about Microsoft,” noted Kai Roer, Senior Partner at the Roer Group. Still, he believes Microsoft’s explanation for the move could be true.

“If that is what is happening, I think this is a great move. Apple and Google is running point for security and privacy, and Microsoft cannot afford to ignore it: they must move security and privacy from a PR/marketing perspective and into their core organization and products,” he commented.

“The way the story has been spun in media does not help Microsoft, and that is what they need to learn: security and privacy is on the agenda today. It’s not 2002, when they started this initiative with the best of intentions. Removing the initiative in a way that it is perceived by the public as if they are killing it does not work well in 2014. I also believe we should recognize the huge improvements to security Microsoft has made in the past decade, and accept that trustworthy computing probably never was much more than a marketing and lobbying initiative anyway.”

A former TwC strategist who left the group over 2 years ago also had a comment for Help Net Security: “When TwC was established in early 2000s it was a leading-edge approach aimed at building security into company’s DNA. Not many companies could have afforded to do something similar. I have always admired the amount resources that the company invested in this area even before I joined Microsoft.”

“Looking at Microsoft from the outside I always carried an assumption that TwC was created for a purpose: to make security a core competency in the company. Many would agree that this goal has been accomplished. It would not be a far stretch of imagination to assume that this question was asked by Microsoft’s leaders and whether the time has come to leave security ‘built into’ the business.”

“From what I saw being announced it is still unclear which aspects of TwC would be affected by the cuts. Especially the areas that the press seems to be picking up on such as Microsoft Security Response Center and the related functions – as well as the cyber crime unit.”

“Finally, as Casper Bowden was quoted saying and as it happens with any organization over time TwC has likely gathered some fat over the years and overhead that the new MS leadership believes they can do without. If this is the case, the exercise may not be as noteworthy as it may seem at first sight.”

Also today, Microsoft has announced the closure of its Silicon Valley lab. Its research labs in Redmond, New York, and Cambridge (in Massachusetts) will pick up some of the closed lab’s operations.