Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Browse by Tags

Related Posts
  • Blog Post: Cloud computing providers: Clueless about security?

    To me, one of the benefits of moving to the Cloud is security – obviously besides availability and costs. Recent incidents made me doubt: Amazon not only having significant downtime but in the same time losing customer data. Sony’s game network being significantly compromised. This is definitely not...
  • Blog Post: Lies, Damned Lies and the “Gone Google” Calculator

    An interesting post (by a Microsoft employee) on the Google cost calculator. An interesting read on the way they compete…. Lies, Damned Lies and the “Gone Google” Calculator Roger
  • Blog Post: Identity in the Cloud

    Kim Cameron, one of our key identity architects had an interesting presentation on identity in the cloud and a corresponding interview. Both are worth looking at if you are planning to move into the direction of the cloud. Especially as it is definitely one of the key challenges: This is Kim's presentation...
  • Blog Post: Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security

    A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001...
  • Blog Post: Can cloud security ever work?

    An interesting question, posed by V3.co.uk: Can cloud security ever work? – How relevant is the question by itself? When computers and especially personal computers were introduced, people asked as well whether the security on a PC will ever work – the question is just not relevant. Let’s face it: The...
  • Blog Post: The Value of Government Clouds

    We recently released a paper called The Economics of Cloud Computing for the EU Public Sector , which is actually valid for every other European country as well as it is not too narrowly focused on the EU only. Additionally there is a US-version of the paper as well. It is definitely worth reading. Andrea...
  • Blog Post: We Need Solid and Strong Transparent Processes for the Cloud

    This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously . It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products...
  • Blog Post: E-Mail–The Low Hanging Fruit for the Cloud?

    I am convinced that there are workloads that can and should be moved to the Cloud: For security reasons as well as for economical reasons. E-Mail might well be the first one of them. There is a good post on that: Editor's Note: Email, the Lowest-Hanging Fruit of the Cloud Roger
  • Blog Post: Video on Microsoft’s Datacenter

    A very good overview over the way we run Microsoft’s Cloud. The interesting thing is – if you look at the video – that most customers are still running their datacenters on generation 1-2, which means that the efficiency (labor as well as energy) we can deliver is significantly higher – not talking of...
  • Blog Post: Security Considerations in a Private Cloud

    I am talking a lot about Cloud Security. There are a few observations I made: Even though a lot of people are talking about the Cloud, there is still not too much knowledge about it. What is a private Cloud versus a public Cloud? What is Infrastructure as a Service, Platform as a Service, Application...
  • Blog Post: Definition of Cloud Computing

    Just found this on http://news.yahoo.com/photos/new-adventures-of-queen-victoria-slideshow/20110914-naqv110914-gif-photo-050626492.html Love that Roger
  • Blog Post: Does the business really hate IT?

    Back at the times of outsourcing, there was real tension between IT and the business. Internal IT had the “comfortable” position of having a monopoly: The business used the internal IT and basically just had to pay the bill. Then times came, where the business was not satisfied anymore. That basically...
  • Blog Post: 10 Years of Trustworthy Computing at Microsoft

    Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this...
  • Blog Post: Doing the right thing on ID management isn't enough...

    Even though it might be obvious, compliance is not only about protecting data but identities as well – and more. Jon Collins, Freeform Dynamics, whom I value high, wrote a good article: Doing the right thing on ID management isn't enough... – you should read it! Roger
  • Blog Post: Cybercrime as a Service–Our Future?

    It is not really surprising that the criminals will leverage the economy of Cloud Computing for their illegal purposes. Especially activities, which consume a lot of processor power will be moved to the Cloud – like any other business. Some way back, there were discussions on how to leverage GPUs to...
  • Blog Post: Data Governance in the Cloud

    If you look at current discussions between cloud providers and customers, I see it too often that the customer leaves with the impression that the Cloud fixes all their problems. In fact – it does not. Too often I see the Cloud provider telling the customer that they should not care about security anymore...
  • Blog Post: Searchable Encryption for the Cloud–soon?

    This is a very interesting development. Encryption generally would solve a lot of problems around data sovereignty. So, encrypting the data, keeping the key and moving the data to the public cloud could basically address a lot of the risks. Today, it comes with a high price as the data which resides...
  • Blog Post: Who cares where your data is?

    Wow, I guess the reason for you clicking on the link is this statement – right? Well, “unfortunately” I cannot claim ownership of it. It was made by a Google representative during an interview in Australia: Google: Who cares where your data is? To me, the whole Cloud discussion sometimes drives into...
  • Blog Post: Internet Personalization–and How I Never Looked at It…

    This is actually a great speech but very, very, very scary: and the scariest part is that I never looked at it that way but he is right Roger
  • Blog Post: Why Google Won’t Beat Microsoft on Cloud Collaboration

    Well, it is not me saying that, it is actually Clint Boulton , eWeek. He published an article on 10 Reasons Why Google Won't Beat Microsoft in Cloud Collaboration and they are: Microsoft Is Big, Getting Bigger Local Still Preferable? Microsoft Now Lives in the Cloud Bang for the Buck Lies with Microsoft...
  • Blog Post: BPOS-Federal got FISMA Certification

    Great progress on our Cloud: Our BPOF-Federal solution has received FISMA certification and accreditation: BPOS-Federal & FISMA Yes, we really have it for BPOS-F Roger
  • Blog Post: Hotmail now with full-session SSL

    If you use Hotmail, you should enable full session SSL in my opinion. Additionally we use SSL for additional services like Skydrive etc. However, there are some caveats. Read the blog post on that: Hotmail security improves with full-session HTTPS encryption Roger
  • Blog Post: Cloud Computing: Benefits and Risks of Moving Federal IT into the Cloud

    July 1st, Scott Charney, Corporate Vice President Trustworthy Computing was testifying at a hearing of the House Committee on Oversight and Government Reform. Basically the hearing was on the benefits and risk of Cloud adoption for the US government. If you are interested in reading his full testimony...
  • Blog Post: Customer Experience Study: Security Improves in the Cloud

    Last week, when I was in South Africa, a partner of us pointed me to a very interesting paper by KPMG called Cloud computing: Australian lessons and experiences . What I like is, that a lot of the items I was recently raising, where actually reflected in quotes by customers of Cloud providers as well...
  • Blog Post: Information Security Management System for Microsoft Cloud Infrastructure

    Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper: Information Security Management System for Microsoft Cloud Infrastructure This paper describes the Information Security Management System program for Microsoft's Cloud Infrastructure...