Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Chief Security Advisor
Critical Infrastructure Protection
Freedom of Speech
Securing My Infrastructure
Security Intelligence Report
Browse by Tags
Roger's Security Blog
Tagged Content List
Selecting the right Cloud partner
One of the challenges customers always have is, how to select the right cloud partner and fairly often security drives this selection. The Cloud Security Alliance published the Cloud Controls Matrix quite a while ago and in addition a Consensus Assessments Initiative Questionnaire and a lot of request...
9 Apr 2012
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this...
12 Jan 2012
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001...
16 Dec 2011
Searchable Encryption for the Cloud–soon?
This is a very interesting development. Encryption generally would solve a lot of problems around data sovereignty. So, encrypting the data, keeping the key and moving the data to the public cloud could basically address a lot of the risks. Today, it comes with a high price as the data which resides...
10 Aug 2011
Video on Microsoft’s Datacenter
A very good overview over the way we run Microsoft’s Cloud. The interesting thing is – if you look at the video – that most customers are still running their datacenters on generation 1-2, which means that the efficiency (labor as well as energy) we can deliver is significantly higher – not talking of...
29 Jul 2011
Cloud Security in Office365
You heard about the launch of Office365 recently and I hope you read the blog post on the application of the Cloud Computing Security Considerations to the private. cloud. If not, here it is: Security Considerations in a Private Cloud To complete the series now, we released an additional paper on how...
15 Jul 2011
Security Considerations in a Private Cloud
I am talking a lot about Cloud Security. There are a few observations I made: Even though a lot of people are talking about the Cloud, there is still not too much knowledge about it. What is a private Cloud versus a public Cloud? What is Infrastructure as a Service, Platform as a Service, Application...
24 Jun 2011
Does the business really hate IT?
Back at the times of outsourcing, there was real tension between IT and the business. Internal IT had the “comfortable” position of having a monopoly: The business used the internal IT and basically just had to pay the bill. Then times came, where the business was not satisfied anymore. That basically...
23 Jun 2011
Internet Personalization–and How I Never Looked at It…
This is actually a great speech but very, very, very scary: and the scariest part is that I never looked at it that way but he is right Roger
15 Jun 2011
Who cares where your data is?
Wow, I guess the reason for you clicking on the link is this statement – right? Well, “unfortunately” I cannot claim ownership of it. It was made by a Google representative during an interview in Australia: Google: Who cares where your data is? To me, the whole Cloud discussion sometimes drives into...
10 Jun 2011
Cloud computing providers: Clueless about security?
To me, one of the benefits of moving to the Cloud is security – obviously besides availability and costs. Recent incidents made me doubt: Amazon not only having significant downtime but in the same time losing customer data. Sony’s game network being significantly compromised. This is definitely not...
4 May 2011
Cybercrime as a Service–Our Future?
It is not really surprising that the criminals will leverage the economy of Cloud Computing for their illegal purposes. Especially activities, which consume a lot of processor power will be moved to the Cloud – like any other business. Some way back, there were discussions on how to leverage GPUs to...
12 Jan 2011
The Value of Government Clouds
We recently released a paper called The Economics of Cloud Computing for the EU Public Sector , which is actually valid for every other European country as well as it is not too narrowly focused on the EU only. Additionally there is a US-version of the paper as well. It is definitely worth reading. Andrea...
12 Nov 2010
We Need Solid and Strong Transparent Processes for the Cloud
This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously . It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products...
8 Jun 2010
Identity in the Cloud
Kim Cameron, one of our key identity architects had an interesting presentation on identity in the cloud and a corresponding interview. Both are worth looking at if you are planning to move into the direction of the cloud. Especially as it is definitely one of the key challenges: This is Kim's presentation...
25 May 2010
A Detailed Analysis of an Attack – Do We Need an International Incident Sharing Database?
I recently came across a paper called Shadows in the Cloud , which is actually a follow-up report of Tracking GhostNet: Investigating a Cyber Espionage Network , an investigation of the attacks on the office of the Dalai Lama and some governmental bodies. The report is written by two bodies who had the...
21 Apr 2010
Manage your PCs in the Cloud – Sign up for Windows Intune Beta
We just opened the Beta for Windows Intune, your new PC management and security solution in the cloud. Here is a screenshot if the web console: So, go and sign up for the Beta: http://www.microsoft.com/online/windows-intune.mspx Roger
21 Apr 2010
Council of Europe – Octopus Conference (Cooperation against Cybercrime) – Key Messages
I blogged on Day 1 and Day 2 but as I expected, I was unable to blog yesterday on the conference. However, let me just briefly give you my impression of the final day: The core part of this last day was a whole block on Cloud Computing. There were different presentations on the subject and then a panel...
26 Mar 2010
Azure Showcase: The Eye on Earth
Well, you know, fairly often when I look at showcases I am a little bit disappointed I have to admit. Mainly because the technology which is shown is really cool and I would love to leverage it – just it works in the US only. Or better, it works across the globe but the data which is available is fairly...
19 Mar 2010
Insider Threat of Cloud Computing
Tonight I got this article forwarded to me: Afraid of outside cloud attacks? You're missing the real threat . David Linthicum (the author) claimed that if you are looking at the hackers attacking “your” cloud from the outside, you are missing the real problem as the insider threat is still bigger. When...
11 Mar 2010
Legal Challenges of International Business and the Cloud
To start with: I am an engineer not a lawyer – and this might be part of the problem… When I started to think about the Cloud and security and thought about all the work I do with Law Enforcement and the challenges they face. Additionally, I started to think about the legal challenges we – as an industry...
8 Mar 2010
Cloud Security Paper: Looking for Feedback
As most of you as well, I was looking for information and opinions on Cloud Security over the last year. I found a lot of papers but when I talk to our customers I realize that they think about the Cloud but Cloud Security is mainly something for the specialists – which it is not for me. Therefore I...
30 Jan 2010
HP and Microsoft Partnership: That’s What You Need in the Cloud
Often when I talk to our customers and they ask me about the cloud, a lot of questions come up. Most of them are security related (obviously) but some of them are more management focused. For example the question about how to manage a hybrid environment, where part of your business is run on premise...
14 Jan 2010
Secure Datacenter, Secure Cloud, Secure Government
At the moment I invest a lot of my time in a Whitepaper on Client and Cloud Security. There are a few fundamentals, which are already clear to me: You will not be able to run a trusted cloud ecosystem without a trusted client and trusted interactions. So, the End to End Trust model is needed in...
28 Oct 2009
What’s the “Cloud” or better “What’s not a Cloud”
On analyst (and very active Tweeter on http://twitter.com/monkchips ) quite a while ago (March 08) published a post, which we recently drew up in one of the cloud discussions: If you peel back the label and its says “Grid” or “ OGSA ” underneath… its not a cloud. If you need to send a 40 page requirements...
2 Oct 2009
Page 1 of 2 (30 items)
© 2013 Microsoft Corporation.
Privacy & Cookies