Posted by: Jacqueline Beauchere, Director, Online Privacy and Safety
Before I go any further, I want to assure you that this is a legitimate Microsoft blog, and that I genuinely work for the company.
If you’ve received an unsolicited phone call from someone claiming association with Microsoft and offering technical support, or help with a security problem you didn’t know you had, I wouldn’t blame you for doubting me.
Unfortunately, in today’s day and age, a little suspicion is a good thing because increasingly devious, determined and resourceful criminals want to steal from you. Cash is what they really want, but personal information they can exploit for financial gain – that’ll do nicely, too, thank you.
Posted by: Tim Rains, Director, Trustworthy Computing Communications
In my last blog post, I mentioned Ernst & Young’s 14th annual Global Information Security Survey. One very interesting aspect of this survey is related to the use of mobile computing platforms.
The report states, “our survey shows that the adoption of tablets and smartphones ranked second-highest on the list of technology challenges perceived as most significant, with more than half of respondents listing it as a difficult or very difficult challenge.”
I was in London recently to deliver a keynote at the RSA Conference Europe. I spoke about many of the cloud topics I’m passionate about. Things such as balancing risk and potential when considering the cloud and how the cloud can make security updating more cost efficient for organizations. I also announced the findings of the latest version of Microsoft’s Security Intelligence Report.
Tying these themes together, the underlying point to my keynote was that trust has been the constant imperative throughout history for a technology or radical idea to reach its true potential. The examples I gave were Copernicus’s heliocentric model for the universe, the camera and the telephone.
To see what I mean, please check out my presentation below and share your thoughts on trust and technology.
A big part of my job at Microsoft is talking to CISOs, CSOs, as well as VPs and directors about the security of their organization’s assets, including intellectual property and confidential data. Recently I had the opportunity to talk to a group of them about cloud computing.
There were a number of similarities between the concerns they raised and some of the findings I see reported in various industry surveys, such as Ernst & Young’s 14th annual Global Information Security Survey.
For example, in the report from Ernst & Young it states “61% [of survey respondents] are currently using, evaluating or planning to use cloud computing-based services within the next year.” I can believe that because all the people I talked to recently have either migrated some applications to the cloud or were evaluating doing so in the near term.
Posted by: Richard Saunders, Director, Trustworthy Computing Communications
Since we started this blog, you’ve seen us highlight the trustworthiness of Microsoft’s cloud offerings and our commitment to the cloud as a secure and sustainable computing model.
But it’s always useful to have another’s perspective, so you may want to check out Nick Hoover’s/InformationWeek recent writing on cloud security. Over the last few weeks Nick has sought the opinions of a number of security industryleaders. In a story from this past Monday, “Cloud Security: Better Than We Think?,” Nick tied his recent work together.
Posted by: Adrienne Hall, General Manager, Trustworthy Computing
The more I read and speak with people, the more apparent it becomes that cloud solutions are gaining momentum. It’s exciting to see the new cloud offerings joining the cadre of interesting and available solutions.
The potential value is often articulated in economic terms, such as the cloud will save organizations money. Coming at this from a security point of view, there’s definitely the potential for budget savings or personnel efficiencies in this area. Organizations can free up resources in their IT departments by essentially outsourcing security updates to the cloud provider, as those will occur through the provider’s management of the online service. While security experts professionally oversee your security updates, IT staff utilization can shift to other priorities. And smaller organizations, like a doctor’s office, often have the office manager tasked with managing IT, including the management of security updates, back-ups, etc. By relying on a cloud provider to manage functions like updating, the office manager’s time can be re-vectored to patient scheduling and service tasks. This is where I see the cloud not only as a notable technological advancement, but as a business model with clear economic and resource management advantages.
Posted by: Brendon Lynch, Chief Privacy Officer
Cloud computing has quickly become a mainstream technology. Global businesses, entrepreneurs and government agencies are embracing the cloud to accelerate innovation and cut costs.
But the continued growth of cloud computing is not inevitable. Cloud providers need to adequately address the data protection and security concerns of enterprise customers and regulators for cloud services to earn the trust necessary to fulfill their potential benefits for businesses and governments.
One of the most interesting aspects of the Microsoft Security Intelligence Report is data on how regional malware infection rates change over time. This data helps us and our customers understand the tactics and strategies that attackers are using to compromise systems, steal identities and confidential data. Subsequently this intelligence helps our customers optimize their defenses.
We might not be able to predict the unknown, but we can do our best to be prepared for it. For organizations of all sizes contingency planning is vital to success. To this end, my Microsoft colleague, Cindy Bates, vice president, U.S. SMB Organization, recently shared a set of helpful resources on the subject of disaster preparedness.
This e-guide helps cut through the clutter by pointing out the key factors for organizations to consider when building business contingency plans. There’s no one disaster preparedness plan that works for all organizations, but elements such as environment mapping, data backup options and communication methods are integral parts of any successful plan.
I recently visited Brussels, where the European Union has its main base of operations. I visit customers and partners regularly as I get out and about discussing Security Intelligence Report findings.
The most recent volume of the Microsoft Security Intelligence Report, volume 11, which covers the first half of 2011, includes deep dive regional threat assessments on every member state in the EU as well as many other locations. The regional assessments on EU member states provide insight into how many systems were infected with malicious software in each location, what the most prevalent malicious software threats were and the relative concentration of botnets (collections of compromised systems controlled by criminals) used to send spam in each location. We compare trends in different locations without skewing the results because of the differences in populations or computer install bases. This type of data can be useful to EU policymakers by helping to identify the specific security challenges that governments are currently facing, and whether they share common issues that might be tackled through collaboration between member states.