Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Browse by Tags

Related Posts
  • Blog Post: Cloud computing providers: Clueless about security?

    To me, one of the benefits of moving to the Cloud is security – obviously besides availability and costs. Recent incidents made me doubt: Amazon not only having significant downtime but in the same time losing customer data. Sony’s game network being significantly compromised. This is definitely not...
  • Blog Post: Identity in the Cloud

    Kim Cameron, one of our key identity architects had an interesting presentation on identity in the cloud and a corresponding interview. Both are worth looking at if you are planning to move into the direction of the cloud. Especially as it is definitely one of the key challenges: This is Kim's presentation...
  • Blog Post: Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security

    A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001...
  • Blog Post: The Value of Government Clouds

    We recently released a paper called The Economics of Cloud Computing for the EU Public Sector , which is actually valid for every other European country as well as it is not too narrowly focused on the EU only. Additionally there is a US-version of the paper as well. It is definitely worth reading. Andrea...
  • Blog Post: We Need Solid and Strong Transparent Processes for the Cloud

    This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously . It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products...
  • Blog Post: Video on Microsoft’s Datacenter

    A very good overview over the way we run Microsoft’s Cloud. The interesting thing is – if you look at the video – that most customers are still running their datacenters on generation 1-2, which means that the efficiency (labor as well as energy) we can deliver is significantly higher – not talking of...
  • Blog Post: Security Considerations in a Private Cloud

    I am talking a lot about Cloud Security. There are a few observations I made: Even though a lot of people are talking about the Cloud, there is still not too much knowledge about it. What is a private Cloud versus a public Cloud? What is Infrastructure as a Service, Platform as a Service, Application...
  • Blog Post: IT outsourcing most affected by data leaks – What about the Cloud?

    I recently asked in a panel, where the difference is between Cloud Computing and classical outsourcing – I kind of became unpopular because this is simply uncool… But I stick with it (knowing there are differences) but the difference is not that big in my opinion. So, reading this article IT outsourcing...
  • Blog Post: Does the business really hate IT?

    Back at the times of outsourcing, there was real tension between IT and the business. Internal IT had the “comfortable” position of having a monopoly: The business used the internal IT and basically just had to pay the bill. Then times came, where the business was not satisfied anymore. That basically...
  • Blog Post: 10 Years of Trustworthy Computing at Microsoft

    Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this...
  • Blog Post: Cloud Security Paper: Looking for Feedback

    As most of you as well, I was looking for information and opinions on Cloud Security over the last year. I found a lot of papers but when I talk to our customers I realize that they think about the Cloud but Cloud Security is mainly something for the specialists – which it is not for me. Therefore I...
  • Blog Post: Selecting the right Cloud partner

    One of the challenges customers always have is, how to select the right cloud partner and fairly often security drives this selection. The Cloud Security Alliance published the Cloud Controls Matrix quite a while ago and in addition a Consensus Assessments Initiative Questionnaire and a lot of request...
  • Blog Post: Cybercrime as a Service–Our Future?

    It is not really surprising that the criminals will leverage the economy of Cloud Computing for their illegal purposes. Especially activities, which consume a lot of processor power will be moved to the Cloud – like any other business. Some way back, there were discussions on how to leverage GPUs to...
  • Blog Post: HP and Microsoft Partnership: That’s What You Need in the Cloud

    Often when I talk to our customers and they ask me about the cloud, a lot of questions come up. Most of them are security related (obviously) but some of them are more management focused. For example the question about how to manage a hybrid environment, where part of your business is run on premise...
  • Blog Post: Searchable Encryption for the Cloud–soon?

    This is a very interesting development. Encryption generally would solve a lot of problems around data sovereignty. So, encrypting the data, keeping the key and moving the data to the public cloud could basically address a lot of the risks. Today, it comes with a high price as the data which resides...
  • Blog Post: Who cares where your data is?

    Wow, I guess the reason for you clicking on the link is this statement – right? Well, “unfortunately” I cannot claim ownership of it. It was made by a Google representative during an interview in Australia: Google: Who cares where your data is? To me, the whole Cloud discussion sometimes drives into...
  • Blog Post: What’s the “Cloud” or better “What’s not a Cloud”

    On analyst (and very active Tweeter on http://twitter.com/monkchips ) quite a while ago (March 08) published a post, which we recently drew up in one of the cloud discussions: If you peel back the label and its says “Grid” or “ OGSA ” underneath… its not a cloud. If you need to send a 40 page requirements...
  • Blog Post: Do you really want to move to the Cloud? Really?

    Well, the question is not too provocative. The longer I look into the risk, the more I am asking this question. Now, we have to separate the different company sizes. I guess for a small and medium business – with the correct safety measures – it makes a lot of sense and you could safe some money. But...
  • Blog Post: A Detailed Analysis of an Attack – Do We Need an International Incident Sharing Database?

    I recently came across a paper called Shadows in the Cloud , which is actually a follow-up report of Tracking GhostNet: Investigating a Cyber Espionage Network , an investigation of the attacks on the office of the Dalai Lama and some governmental bodies. The report is written by two bodies who had the...
  • Blog Post: Internet Personalization–and How I Never Looked at It…

    This is actually a great speech but very, very, very scary: and the scariest part is that I never looked at it that way but he is right Roger
  • Blog Post: Moving to the Cloud: Where it worked and where I was challenged

    I am running a whole environment at home to experience our technology. However, up to now it was all “on premise”, no Cloud integration. This has to change. Therefore I was more than happy to join our internal  Hosted Exchange 14 beta program. We are offering the hosted Exchange program to Live...
  • Blog Post: Legal Challenges of International Business and the Cloud

    To start with: I am an engineer not a lawyer – and this might be part of the problem… When I started to think about the Cloud and security and thought about all the work I do with Law Enforcement and the challenges they face. Additionally, I started to think about the legal challenges we – as an industry...
  • Blog Post: Secure Datacenter, Secure Cloud, Secure Government

    At the moment I invest a lot of my time in a Whitepaper on Client and Cloud Security. There are a few fundamentals, which are already clear to me: You will not be able to run a trusted cloud ecosystem without a trusted client and trusted interactions. So, the End to End Trust model is needed in...
  • Blog Post: Insider Threat of Cloud Computing

    Tonight I got this article forwarded to me: Afraid of outside cloud attacks? You're missing the real threat . David Linthicum (the author) claimed that if you are looking at the hackers attacking “your” cloud from the outside, you are missing the real problem as the insider threat is still bigger. When...
  • Blog Post: Manage your PCs in the Cloud – Sign up for Windows Intune Beta

    We just opened the Beta for Windows Intune, your new PC management and security solution in the cloud. Here is a screenshot if the web console: So, go and sign up for the Beta: http://www.microsoft.com/online/windows-intune.mspx Roger