Cloud Computing | Microsoft Trustworthy Computing Blog

Cloud Computing Security News and Guidance for Businesses and Organizations

April, 2012

  • Cloud Fundamentals Video Series: Interdependencies Among Cloud Services and Compliance

    By: Tim Rains, Director, Trustworthy Computing

    Consumers of cloud services generally don’t get to see the layers of technology that they rely on.  For many, this seamless delivery is part of the value proposition of cloud computing; depending on the type of deployment, customers expect their cloud provider to manage the details so they can get on with the business of running their business.

    The reality though is that cloud providers leverage the services and infrastructure of many other vendors to be able to deliver a service to their customers. For example, network services to and from a data center are likely provided by two or more network providers in order to provide redundancy, load balancing, and address other architectural needs.

    It’s not surprising then that for a cloud provider to deliver a reliable service that meets customers’ security, privacy and compliance requirements there is significant interdependence between each of the layers that make up the cloud. 

  • Cloud Fundamentals Video Series: Windows Azure & the CSA STAR

    By: Tim Rains, Director, Trustworthy Computing

    Earlier in this series I wrote about transparency and how the Cloud Security Alliance’s (CSA) Security Trust and Assurance Registry (STAR) provides cloud customers with some insight into how cloud providers are managing the security controls of their cloud offerings.

    Office 365 was one of the first services to publish a self-assessment in the CSA’s STAR; this past week Microsoft published a second self-assessment in the STAR, this time for Windows Azure.

  • A Trifecta of Cloud Security Transparency

    Posted by: Tim Rains, Director, Trustworthy Computing

    If you have been following our Trustworthy Computing Cloud Fundamentals Video Series you have probably seen at least two videos where we discuss the importance of transparency in cloud security controls. In addition, we have shared how the Cloud Security Alliance’s (CSA) Security Trust and Assurance Registry (STAR) can help provide that transparency to cloud providers and cloud consumers.  If you haven’t seen these videos or would like a refresher, you can watch them here:

    As you can see from these video interviews, both Office 365 and Windows Azure have self-assessments published in the CSA’s STAR.  This was an important step in demonstrating our commitment to transparency for our cloud customers.  As of late last week we are pleased to share that Microsoft Dynamics CRM has also published a self-assessment in the CSA’s STAR.

  • Cloud Fundamentals Video Series: Cloud Security Standards - Are There Too Many Cooks in the Kitchen?

    Posted by: Tim Rains, Director, Trustworthy Computing

    I have been asked more than a few times whether I think there are too many people involved in developing cloud security standards and best practices.  The underlying concern is that when too many people get involved, the process of developing new standards becomes too bureaucratic and progress is slower than it should be.  But, the process has to be inclusive enough so that important nuances from different markets and industries are not overlooked.  This balance needs to be carefully managed.

  • Cloud Fundamentals Video Series: Philippe Courtot and Tim Rains Discuss Cloud Security

    Posted by: Tim Rains, Director, Trustworthy Computing

    Industry collaboration is critical to helping businesses, governments and citizens realize safer computing experiences.  It is also important in the context of cloud security.  Earlier in this series I discussed the benefits of industry collaboration with the Executive Director of the Cloud Security Alliance.  In this installment of the Trustworthy Computing Cloud Fundamentals Video Series, I discuss industry collaboration with Philippe Courtot, the Chairman and CEO of Qualys – a corporate member of the Cloud Security Alliance.

  • TwC and NCSA - 10 Years of Online Safety & Security

    Posted by: Jacqueline Beauchere, Director, Trustworthy Computing Communications


    For more than a decade, we at Microsoft have been protecting consumers from online safety and security risks not only by our work in Trustworthy Computing (TwC), but in our partnerships with others in industry, business, and the non-profit community – an effort we refer to as “Fostering Digital Citizenship.”

    In addition to  being the 10-year milestone of TwC, 2012  marks the decade anniversary of the National Cyber Security Alliance (NCSA), a not-for-profit dedicated to educating and empowering society to use the Internet safely – at home, work, and school. NCSA also focuses on protecting technology, networks, and other shared digital assets.

    Microsoft is a founding member of NCSA, and I have been the company’s representative to the NCSA board of directors for more than half of its existence. In the last 10 years, NCSA has grown both in size and influence, and we’ve seen it flourish as a leading voice in Internet safety and security awareness and education.

  • The Forgotten Part of Cloud Security – the Clients

    Posted by: Tim Rains, Director, Trustworthy Computing

    Most of the conversations I have about cloud computing focus on the role of cloud providers to manage the security of the services they provide to their customers.  It seems like implementing security controls, providing visibility into those controls, and ensuring services meet or exceed standards and compliance requirements are themes that are top of mind for most of the customers I talk to.

    I think the reason for this is that some cloud computing architectures, like software as a service, offer customers the opportunity to offload many of the aforementioned security responsibilities to their cloud providers.  But I rarely hear anyone talk about the residual risk in this arrangement.  The obvious place to look for residual risk is the management of the clients used to access cloud services.  I have written about the consumerization of IT and BYOD in the past, and how many CISOs are being challenged to evolve their strategies for protecting their organizations’ assets.

  • Introducing Brendon Lynch

    Posted by: Richard Saunders, Director, Trustworthy Computing


    Today we want to introduce you to Brendon Lynch, Microsoft’s Chief Privacy Officer. In this 30-second profile series, we give an inside look at our team by informally interviewing members of Trustworthy Computing about what they do both in and out of work. We have now profiled Adrienne Hall and Steve Lipner.

    - What do you do in TwC and how long have you been doing it?

    I am the company’s Chief Privacy Officer (CPO). I joined the privacy team in TwC eight years ago and became the CPO in 2010. In this role I am responsible for privacy policy creation and implementation across the company, engaging with external stakeholders and influencing the creation of privacy and data protection technologies for customers.

    - What’s the first thing you do every day at work?

    Catch up on emails from my European colleagues and contacts. There is a lot of interest and activity in the privacy and data protection field in Europe right now so that flow of email seems to be growing.

  • Standing up to Bullying

    Posted by: Richard Saunders, Director, Trustworthy Computing

    The new documentary “Bully” is getting quite a bit of media attention for telling the story of school-yard harassment through the eyes of children who are tormented by their classmates. It’s through these individual narratives that the movie reinforces the need for all of us to stand up to bullying of all kinds. 

    Jacqueline Beauchere, Director, Trustworthy Computing Online Safety at Microsoft, recently spoke with a Seattle, WA television station about how the movie aligns with the company’s anti-bullying platform.  Microsoft has been working to help raise awareness of “cyberbullying” (online bullying) for several years by working with educators, advocates, and other organizations to create action plans and find solutions to reduce bullying incidents. Cyberbullying is an extension of physical, in-person bullying. As a sponsor of the movie, Microsoft wants to continue to help parents and educators stand up to bullying by sharing these important tips:

    • Get and stay involved and educated on the issue
    • Communicate with and inform other parents what you learn
    • Make and enforce the rules -- for both the bully and the victim
    • Encourage kids to make friends and look out for one another
    • Keep the lines of communication open; let kids know they can come to you, and you’ll help address their issue in a way that they’re comfortable with
    • Look for signs of bullying, such as a child’s reluctance to go to or stay at school, or that he or she gets upset when online or texting.
  • Online Safety & Wellness for Seniors in L.A.

    Posted by: Jacqueline Beauchere, Director, Trustworthy Computing Communications  

    Los Angeles-area seniors are “getting their game on,” and enjoying noticeable health and social benefits as a result. The “Exergamers Wellness Club” is an innovative public-private partnership made possible by Microsoft and other organizations. Combining online gaming, exercise, and health and wellness, the Club encourages older adults to become more socially active, and helps them keep their personal data safer online.     

    Microsoft teamed with the City of Los Angeles, the Partners in Care Foundation, and St. Barnabas Senior Services to bring the program to life. Microsoft Kinect for Xbox 360 serves as the exercise platform, whileMicrosoft HealthVault helps store and monitor personal health information in a trusted online place.

    Started in May 2011 at a senior center in Los Angeles, the Club encourages older adults to enjoy friendly competitions in dance and bowling, using the Kinect games provided. Based on the success of this single-center pilot, Microsoft and its partners yesterday announced a plan to extend the Wellness Club to all 16 senior centers within the Los Angeles Department of Aging’s service area. But not before a “flashmob” that included some of the 60-, 70- and 80-year-olds pilot participants took to the floor, showing off what they learned over the last year.