Security thinking has largely failed to adapt to the internet age in which devices from inside and outside connect to the company network.
Gates maintained that networks are no longer isolated "glass houses" where defending the perimeter is enough.
"We cannot think of that glass house as the way that we create isolation. We have to define what can connect to what. We need a more powerful paradigm," Gates told delegates.
Security needs to cope with the fact that users bring portable systems such as mobile phones, notebook computers and USB storage keys inside corporate networks.
Partners and customers, meanwhile, expect to connect to services through the internet.
These trends require security to move from a perimeter level to an application level, argued Craig Mundie, Microsoft's chief research and strategy officer.
"Programs are becoming proxies for people. We need to be able to say: 'Give this program access,'" he said.
CardSpace is a service inside Windows Vista that allows users to create digital identity cards for online services.
It is expected to limit the risk of phishing attacks and replace authentication that is based on user names and passwords.
Gates described passwords as the "weakest link" as users continue to use easily guessed words, and companies pay large sums to reset lost passwords.
The Microsoft chairman has repeatedly predicted that smartcards and digital certificates will replace the current password structure.
But Mundie warned that digital certificates and application-based security programs will not work without the proper management tools.
Microsoft plans to offer better support for security management in the forthcoming version of its Windows Server operating system codenamed Longhorn.
The company also unveiled its Identity Lifecycle Manager 2007 at the RSA Conference. Slated for general availability by May, the software promises to manage user identities through certificates and smartcards.
"What we have to do better is think about what the boundaries are. This is something that Microsoft did not do well in its early days," Mundie conceded.
"We never did a lot of thinking about where to create boundaries and interoperability and hook-ups to create intrinsic security for our system."
- Microsoft ignores Vista upgrade loophole
- Longhorn Server to offer tighter identity integration
- Symantec warns against conflicts of security interest
Microsoft receives a 30 per cent cut of all purchases on the Xbox digital store
Credit card thieves used Apple ID accounts to buy and sell virtual currency for Clash of Clans and Clash Royale and Marvel Contest of Champions
$5.1bn fine further evidence that the EU is anti-US, claims Trump
New cable will connect Virginia to France