Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Securing Microsoft’s Cloud Infrastructure

Securing Microsoft’s Cloud Infrastructure

  • Comments 3
  • Likes

A lot of people and companies are talking about “the Cloud” today. I guess that there are not too many companies that share the same track record of running online services as Microsoft. 1994 we launched MSN and since then we are in this business.

Microsoft Global Foundation Services (the group responsible for this infrastructure) just published a document called Securing Microsoft’s Cloud Infrastructure which is definitely worth reading. In my opinion a few items will be key when talking about a trustworthy cloud, one of them being transparency. Transparency how your data is handled, how software is written and operated, how incidents are dealt with, etc.  This paper definitely helps on our side to drive in this direction although we did already a lot in this respect like making the Security Development Lifecycle available and communicating transparently about security challenges etc.

To show the importance of security for our online services as well, I would like to quote the paper:

The core driver to creating an effective security program is having a culture that is aware of and highly values security.  Microsoft recognizes that such a culture must be mandated and supported by company leaders. The Microsoft leadership team has long been committed to making the proper investments and incentives to drive secure behavior. In 2002, the company formed the Trustworthy Computing initiative with Bill Gates committing Microsoft to fundamentally changing its mission and strategy in key areas. Today, Trustworthy Computing is a core corporate value at Microsoft, guiding nearly everything the company does. At the foundation of this initiative are these four pillars: Privacy, Security, Reliability, and Business Practices. For more information on Trustworthy Computing, see the Microsoft Trustworthy Computing page.

Microsoft understands that success in the rapidly changing business of online services is dependent upon the security and privacy of customers’ data and the availability and the resiliency of the services Microsoft offers. Microsoft diligently designs and tests applications and infrastructure to internationally recognized standards in order to demonstrate these capabilities and compliance with laws and with internal security and privacy policies. As a result, Microsoft customers benefit from more focused testing and monitoring, automated patch delivery, cost-saving economies of scale, and ongoing security improvements.

Here are the links to the different papers we published today:

Roger

Comments
  • I hear a lot about Microsoft Cloud infrastructure and securing it is certainly important to many applications.  However, I could not figure whether this infrastructure is ready and being offered as a service now like the Amazon EC2, which we have been using for a while.  I appreciate any pointers.

  • Hi Alex,

    I cannot answer your question THAT eaisly as you cannot compare the services 1:1: It depends, what you are really after:

    We offer direct access not unlike EC2 via Business Productivity Online Standard (BPOS - http://www.microsoft.com/online/default.mspx) either as “Infrastructure as a service” or “Application as a service”.  Windows Azure is our “Platform as a service” offering which sits between the other two.  If you are looking for a service, it is BPOS, if you are looking for the plattform, it is Windows Azure

    Roger

  • was a very nice article thank you again for this post are expected to welcome

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment