Despite taking a beating in the press and from customers for security holes in its products, decision makers at Microsoft appear to think the company still has something to teach the world about computer security. The Redmond, Washington company this week published a technical white paper that describes its internal security practices, which Microsoft hopes will "help customers successfully secure their environments," the company said. The paper, simply titled "Security at Microsoft," details the methods and technologies that the company"s Operations and Technology Group (OTG) use to secure the company"s global corporate network of more than 300,000 computers and 4,200 servers.
In the paper, Microsoft describes its risk management strategy, which involves classifying different computing resources according to their "value class" -- from servers hosting the Windows source code down to test servers. Microsoft also provides guidance on how its security group assesses the potential risks and threats to those assets and creates policies to secure the assets that are appropriate, given the value of the data they contain. Just as interesting are the tidbits of information about Microsoft"s security operation that can be gleaned from the document. For example, Microsoft discloses that the company experiences more than 100,000 intrusion attempts each month and receives more than 125,000 infected e-mail messages.