Posted by: Tim Rains, Director, Trustworthy Computing
Last week I attended the Security Development Conference 2012 (SDC 2012). As Steve Lipner wrote in his article about the event, the conference enabled people from companies, government agencies and academic institutions to share their own experiences adopting a Security Development Lifecycle (SDL) process, thus helping others learn how to accelerate adoption within their own organizations. Speakers and panelists were in attendance from a variety of organizations including Adobe, BlackBerry, Cisco, IBM, Intel, Itron, Lockheed Martin, Microsoft, NIST, NSA, Salesforce.com, Red Hat and others.
Posted by: Adrienne Hall, General Manager, Trustworthy Computing
Any conversation I have with a customer that hasn't yet adopted a cloud service includes the topic of security at some point. It isn’t surprising that security frequently tops the list of cloud adoption items; yet I believe it should be on the list of top cloud adoption benefits.
Security is a common area explored by organizations considering the cloud. Small to mid-size businesses, or SMBs, often don’t have the built-in security expertise that larger entities do. This makes it difficult for them to spend time and expertise to assess the benefits of cloud computing.
In commissioning an independent study with groups of SMBs that both use and do not use cloud services in the U.S., Singapore, Malaysia, India and Hong Kong, we hoped to evaporate, okay – more realistically – lessen, concerns about security for prospective customers. Our goal was to see what, if any, security benefits companies that use the cloud realize, and to better understand the concerns of companies that have not yet adopted cloud services.
The physical security of the data centers where cloud services are hosted is a very important aspect of security to all of the customers I talk to. After all, if an attacker can gain physical access to the hardware hosting a service and storing sensitive data, that attacker has a range of malicious options available to them including attempting to steal or damage services and data. It is mandatory for cloud providers to provide physical security controls for the services they manage on behalf of their customers.
Posted by: Steve Lipner, Partner Director of Program Management, Trustworthy Computing
This morning, I am sitting at the inaugural Security Development Conference 2012 in Washington DC listening to people from a diverse set of companies, government agencies and academic institutions sharing their own experiences with adopting a Security Development Lifecycle (SDL) process or learning how to accelerate adoption within their own organizations. As I watched the keynotes and sessions yesterday and see Scott Charney step onto the stage today, I am reminded of the early days at Microsoft when our customers were faced with security threats that challenged their trust in our products and services. Creating the SDL was an important step in combating these threats and to this day the SDL continues to help reduce the number and severity of vulnerabilities found in Microsoft’s products.
Posted By: Tim Rains, Director, Trustworthy Computing
A key topic when it comes to security is identity. But, the laws of identity tell us “the Internet was built without a way to know who and what you are connecting to…Since this essential capability is missing, everyone offering an Internet service has had to come up with a workaround. It is fair to say that today’s Internet, absent a native identity layer, is based on a patchwork of identity one-offs.”
Social networks like Facebook and LinkedIn have become one of the primary ways in which people communicate and socialize online. At the same time there has been a steady proliferation of mobile devices like smart phones that more and more people are using to communicate with and connect to the internet. In addition, cloud based services are being adopted by more and more consumers and organizations. Identity is an important ingredient in each of these scenarios as well as at the intersection of them; many customers would like to be able to use multiple identities, including those used on social networks and those in their organization’s on-premise Active Directory, to access public and private cloud services from any device they choose to use.
Posted By: Tim Rains, Director, Trustworthy Computing
In the past I’ve said a perfectly operated cloud service that has vulnerabilities in it due to lackluster development processes isn’t going to help protect the data that cloud customers store and process in the cloud. As reported in the latest volume of the Microsoft Security Intelligence Report that was released just last week, the number of vulnerability disclosures across the entire software industry, including online services, has continued to trend down. Although this trend is heading in the right direction, it still means that there are thousands of software vulnerability disclosures every six months across the entire software industry.
Posted by: Richard Saunders, Director, Trustworthy Computing
Earlier today Microsoft Trustworthy Computing announced the results of a study showing the security benefits U.S. small and mid-sized businesses (SMBs) gain from cloud computing. In this study we found that U.S. SMBs using the cloud had a comparative advantage over U.S. SMBs not using the cloud in the area of security efficiency.
I’m pleased to announce that U.S. SMBs aren’t alone in seeing improved security efficiencies from using the cloud. New data shows SMBs in Singapore have had similar experiences.
At this point you have likely seen some of our survey data on the improved security, cost savings and time savings associated with cloud security for small and mid-sized businesses (SMBs). We’ve shared specific data on SMBs in the United States, Singapore, India, Malaysia and Hong Kong.
While each region had slightly different numbers, there’s a trend of security benefits stemming from the cloud. Looking at aggregate data from Singapore, India, Malaysia and Hong Kong SMBs makes this trend apparent.
Last week, Microsoft Office Division announced that Office 365 was given Authority to Operate under the Federal Information Security Management Act (FISMA) by the Broadcasting Board of Governors.
As you might expect, governments are at the vanguard of most things security related. Entrusted to act in the public’s name and for the public interest, governmental agencies need to be sure that the technology they use for essential functions is secure and trustworthy. As part of this, the U.S. government has FISMA, a certification validating that a given IT solution has federal agency approval for use based on its level of security.
New data from Microsoft Trustworthy Computing shows that small and mid-size businesses (SMBs) in Hong Kong experience similar cloud security benefits as the SMBs we’ve highlighted from the United States, Singapore, India and Malaysia.