Cloud Computing | Microsoft Trustworthy Computing Blog

Cloud Computing Security News and Guidance for Businesses and Organizations

February, 2012

  • Security Development Conference 2012: Evolving from Principles to Practices

    Posted by: Matt Thomlinson, General Manager, Trustworthy Computing Security

    Today, I am excited to announce the inaugural Security Development Conference will be held in Washington D.C. on May 15-16.  This event will bring together business decision makers, security engineers, managers of software security processes, and security policy makers from companies, government agencies and academia. Attendees will learn from security experts and build professional networks that accelerate adoption of holistic and proactive security development practices.

    Ten years ago, Microsoft announced the creation of Trustworthy Computing. Since then, the Security Development Lifecycle (SDL) processes and tools we implemented at Microsoft and shared publicly have been studied and applied by both software vendors and other organizations that build a variety of hardware and software.  Today, security professionals who previously asked “why should I implement the SDL” are asking “how do I implement the SDL within my organization?” Technical decision makers, business decision makers and governments are becoming increasingly aware that present-day operational security protections and regulatory compliance are not sufficient to protect the applications and infrastructures that people rely on every day. The increased demand for a more holistic and prescriptive secure development methodology has evolved into a growing community of practitioners well beyond Microsoft.

  • Cloud Fundamentals Video Series: Evaluating Different Cloud Service Offerings by Comparing Security Controls

    Posted by: Tim Rains, Director, Trustworthy Computing

    If you’ve been following our Cloud Fundamentals series, you’ve heard me discuss why transparency is important for both cloud service providers and their customers.  Another important aspect of this theme that customers have discussed with me is how to get insight into the security controls used to manage cloud service offerings.

    Many of the security professionals I have talked to are looking for assurances about the security practices and security controls that are used by the cloud service provider(s) that they are evaluating services from.  Information on security controls used to operate a service can then be clearly communicated to audit and enterprise risk management groups.

    Today it can be challenging getting information on the security practices used by cloud providers. Additionally, it can be challenging to use such information to compare and contrast the different services offered by these providers. There are at least a couple of factors making this type of comparison harder than it should be.

  • Cloud Fundamentals Video Series: e-discovery in the Cloud

    Posted by: Tim Rains, Director, Trustworthy Computing

    Electronic discovery, or e-discovery, is a hot topic among security professionals whose organizations are using cloud services or are evaluating using cloud services in the future.  When there is a need to perform forensic investigations to recover and collect evidence contained in the cloud for use in potential legal proceedings, cloud customers need to know that their cloud service providers can meet their needs.

    It is very important that cloud customers understand how cloud providers manage e-discovery requests, so that they know these cloud vendors can properly respond to government requests for information.  Cloud providers’ e-discovery processes must be capable of meeting customer needs in a way that isn’t disruptive to the users of cloud services.

    Learn more in this blog post on e-discovery in the cloud.

  • (Re) Introducing Adrienne Hall

    Posted by: Richard Saunders, Director, Trustworthy Computing

    Many years ago I worked for a company in the UK that made paint. I was part of a team planning an official visit by HRH Princess Anne to open a new multi-million pound research laboratory. We thought it would be nice to assign roles to some of the people working in the new facility. One chap in particular, a renowned doctor of science no less, was given the task of opening a door for Her Royal Highness. That’s it, just open the door for her to pass through.

    Come the big day, Princess Anne made her way down the hallway, got to the doctor and his door, which he opened perfectly. She paused and said to the chap “and what do you do?”

    Utterly flustered, all he could manage by way of reply was: “Er, um, er. I open the doors.” She smiled and moved on. He never lived the moment down.

    That’s a rather convoluted way of introducing a new series of personal profiles about people who work on Trustworthy Computing, within a division of the same name. As you may know, Trustworthy Computing (TwC) was formed 10 years ago last month. We’re proud of what we’ve achieved over the last decade, but know we have much more yet to do. We thought it would be fun to take a look at some of the people in TwC and what they do both in and out of work.

    Over the next few weeks, from time to time, we’ll be posting 30-second profiles on some of our people. The first is on Adrienne Hall, TwC general manager and a regular blogger on this site.

  • Kids Say The Darndest Things…

    Posted by: Jacqueline Beauchere, Director, Privacy, Accessibility & Online Safety, Trustworthy Computing

    We all know that old saying … And, as those kids move into their teen years, their remarks become that much more intelligent, insightful, and astute.  Never was this more apparent to me than at a roundtable discussion led by Microsoft in partnership with the AARP, with a group of 18 American teenagers in New York City.

    During lunch, we talked about their favorite online activities, Internet habits and practices, and how they’re connecting with adult family members using technology.  My key take-away: they don’t believe some massive, technological abyss of knowledge exists among the generations and, if a relatively small gap does persist, they don’t think it needs to be filled.

    Still, adults are embracing technology and, to the extent they’re doing so to keep connected with kids, young people ask that we at least “do it right.” They articulated what I’d call two stages of online interaction:  “fundamentals” and “basics-plus.”

    In the “fundamentals” category, they want adults to learn to use the PC and/or laptop correctly, as well as understand the essentials of navigating the web.  Parents and grandparents, they say, should send email “properly,” be authentic, and act and behave like adults online.  One teenage boy told us he scolded his 55-year-old mother when she was trying to be a little too hip in the digital world.  

  • Looking Ahead: RSA Conference

    Posted by: Adrienne Hall, General Manager, Trustworthy Computing

    There are lots of great reasons to attend next week’s RSA conference in San Francisco. With keynotes by industry thought leaders and in-depth panel sessions with security experts, RSA is the seminal event for the cybersecurity industry and you’ll see many of us from Microsoft in attendance. 

    The cloud, of course, will be the focus of many discussions and the conference will show that the industry has made strong progress on cloud security along with roadmaps and information about what still needs to be done. Another strong theme I think we’ll see coming through is how to strategize for mobile devices and the consumerization of IT.

    Perhaps you’re curious about what Scott Charney will be covering in his keynote, or who Tim Rains will be interviewing next for his Cloud Fundamentals video series. As for me, I’ll be backstage, meeting with reporters, talking to customers in the Microsoft booth and checking out the show floor, attending as many sessions as possible and hanging out at a few of the evening events. Interesting and fun times ahead!

  • Microsoft Testifies on U.S. Senate Cybersecurity Legislation

    Posted by: Paul Nicholas, Senior Director, Trustworthy Computing, Microsoft

    Last week, Scott Charney testified at a hearing of the Senate Committee on Homeland Security and Government Affairs. The hearing was about the Cybersecurity Act of 2012, which is Congress’s first comprehensive legislation aimed at improving cybersecurity across the United States. His full testimony is available here.

    This legislation is an important milestone in the U.S. Congress’ sustained engagement on the topic of cybersecurity and an advancement in the national discussion on how to better secure the information infrastructure of the United States. These legislative proposals provide a risk-based framework intended to improve the security of government and certain critical infrastructure systems and establish an appropriate baseline to address current threats.

  • Get Connected with Family & Friends on Safer Internet Day

    Posted by: Jacqueline Beauchere, Director, Trustworthy Computing Communications, Microsoft

    Each February, the world recognizes Safer Internet Day (SID), an event dedicated to promoting responsible use of the Internet and mobile technology, particularly among youth. Organized by Brussels-based Insafe and co-founded by the European Union, Feb. 7 marks the ninth installment of SID. This year’s theme, “Connecting Generations and Educating Each Other,” once again finds Microsoft playing an active role.

    The company was part of the first SID, and has been a long-standing advocate ever since, particularly in Europe. Last year, the Trustworthy Computing (TwC) Group expanded Microsoft's involvement in North America by hosting three online gaming-related events in as many U.S. cities, keeping with SID's 2011 theme. This year, we're building on that success, and partnering with AARP.

  • View From the Wings at RSA

    Posted by: Adrienne Hall, General Manager, Trustworthy Computing

    Surrounded by the production crew, piles of equipment and lots of people with earnest looks on their faces, backstage is an interesting place to watch a keynote. It’s Tuesday and Scott Charney, corporate vice president of Trustworthy Computing (TwC) has just addressed the audience at RSA Conference 2012 in San Francisco. 

    An articulate presenter, deep thinker and industry influential in his own right, he makes talking to 5,000+ people look easy. Still, it’s always a relief when big moments like this go off as planned. I knew Scott would be fine, but I’m relieved the technology worked; that Scott’s slides appeared in the right order and at the right time, the last round of edits were the ones displayed, and the Trustworthy Computing Next white paper that Scott referenced was published on our website without a hitch.

    That’s the point of technology, right? It should all just work. To help you do whatever you want to do better, easier and more collaboratively.