Security Response

There has been a considerable amount of news activity purporting that Google is looking to do a full-scale migration away from using Microsoft products, citing security as the primary impetus. While I can’t say whether or not these reports are indeed true, the story does raise a couple of important issues when it comes to reasoning about how effective your IT security policies are.
 
The first misconception is that the main security risks are rooted in the underlying platform, whether it is Windows, Mac OS, Linux, etc. That might have been true five to seven years ago. The reality today, however, is that much of the attack activity we see is aimed “higher up in the stack.” The targets include applications that run on top of platforms (e.g., Web browsers), third-party add-ons that run on top of applications (e.g., browser extensions or plug-ins), and ultimately the human beings who operate the platform—who, unbeknownst even to themselves,...