Posted By: Tim Rains, Director, Trustworthy Computing 

A key topic when it comes to security is identity.  But, the laws of identity tell us “the Internet was built without a way to know who and what you are connecting to…Since this essential capability is missing, everyone offering an Internet service has had to come up with a workaround. It is fair to say that today’s Internet, absent a native identity layer, is based on a patchwork of identity one-offs.”

Social networks like Facebook and LinkedIn have become central to theone of the primary ways in which people communicate and socialize online.  At the same time there has been a steady proliferation of mobile devices like smart phones that more and more people are using to communicate with and connect to the internet.  In addition, cloud based services are being adopted by more and more consumers and organizations.  Identity is an important ingredient in each of these scenarios as well as at the intersection of them; many customers would like to be able to use multiple identities, including those used on social networks and those in their organization’s on-premise Active Directory, to access public and private cloud services from any device they choose to use.

Posted by: Richard Saunders, Director, Trustworthy Computing

Last week, Microsoft Office Division announced that Office 365 was given Authority to Operate under the Federal Information Security Management Act (FISMA) by the Broadcasting Board of Governors.

As you might expect, governments are at the vanguard of most things security related. Entrusted to act in the public’s name and for the public interest, governmental agencies need to be sure that the technology they use for essential functions is secure and trustworthy. As part of this, in the U.S. the U.S. government has FISMA; a certification validating that a given IT solution has federal agency approval for use based on its level of security.

Posted by: Adrienne Hall, General Manager, Trustworthy Computing

Today I’m heading off to Asia. Over the next few weeks I’m looking forward to connecting with customers, industry influentials following cloud computing, reporters and several of my colleagues at Microsoft. These conversations play a big role in shaping my perspective on the cloud trust topics that we discuss on this blog. Talking with customers provides a fresh reminder of the varying requirements at play and the different ways people are realizing the benefits of cloud computing in their own organizations. Connecting with industry experts following cloud computing also provides a sense of what’s going well and what work remains to be done.

The trip starts in Singapore where I’ll be attending the Cloud Asia conference. In particular I’m looking forward to the continuing dialogue surrounding private and public cloud offerings. The range of cloud solutions continues to grow; flexibility and choice continues to be important. From there I’ll head to India, Malaysia and Hong Kong for a full slate of press and customer meetings. 

Posted by: Steve Lipner, Partner Director of Program Management, Trustworthy Computing

This morning, I am sitting at the inaugural Security Development Conference 2012 in Washington DC listening to people from a diverse set of companies, government agencies and academic institutions sharing their own experiences with adopting a Security Development Lifecycle (SDL) process or learning how to accelerate adoption within their own organizations. As I watched the keynotes and sessions yesterday and see Scott Charney step onto the stage today, I am reminded of the early days at Microsoft when our customers were faced with security threats that challenged their trust in our products and services.  Creating the SDL was an important step in combating these threats and to this day the SDL continues to help reduce the number and severity of vulnerabilities found in Microsoft’s products.