Posted by: Adrienne Hall, General Manager, Trustworthy Computing
Any conversation I have with a customer that hasn't yet adopted a cloud service includes the topic of security at some point. It isn’t surprising that security frequently tops the list of cloud adoption items; yet I believe it should be on the list of top cloud adoption benefits.
A common area explored by organizations considering the cloud, small to mid-size businesses, or SMBs, often don’t have the built-in security expertise that larger entities do. This makes it difficult for them to spend time and expertise to assess the benefits of cloud computing.
In commissioning an independent study with groups of SMBs that both use and do not use cloud services in the U.S., Singapore, Malaysia, India and Hong Kong. We hoped to evaporate, okay – more realistically – lessen, concerns about security for prospective customers. Our goal was to see what, if any, security benefits companies that use the cloud realize, and to better understand the concerns of companies that have not yet adopted cloud services.
Posted by: Richard Saunders, Director, Trustworthy Computing
Last week, Microsoft Office Division announced that Office 365 was given Authority to Operate under the Federal Information Security Management Act (FISMA) by the Broadcasting Board of Governors.
As you might expect, governments are at the vanguard of most things security related. Entrusted to act in the public’s name and for the public interest, governmental agencies need to be sure that the technology they use for essential functions is secure and trustworthy. As part of this, in the U.S. the U.S. government has FISMA; a certification validating that a given IT solution has federal agency approval for use based on its level of security.
Posted By: Tim Rains, Director, Trustworthy Computing
A key topic when it comes to security is identity. But, the laws of identity tell us “the Internet was built without a way to know who and what you are connecting to…Since this essential capability is missing, everyone offering an Internet service has had to come up with a workaround. It is fair to say that today’s Internet, absent a native identity layer, is based on a patchwork of identity one-offs.”
Social networks like Facebook and LinkedIn have become central to theone of the primary ways in which people communicate and socialize online. At the same time there has been a steady proliferation of mobile devices like smart phones that more and more people are using to communicate with and connect to the internet. In addition, cloud based services are being adopted by more and more consumers and organizations. Identity is an important ingredient in each of these scenarios as well as at the intersection of them; many customers would like to be able to use multiple identities, including those used on social networks and those in their organization’s on-premise Active Directory, to access public and private cloud services from any device they choose to use.
Posted by: Tim Rains, Director, Trustworthy Computing
Last week I attended the Security Development Conference 2012 (SDC 2012). As Steve Lipner wrote in his article about the event, the conference enabled people from companies, government agencies and academic institutions to share their own experiences adopting a Security Development Lifecycle (SDL) process thus helping others learn how to accelerate adoption within their own organizations. Speakers and panelists were in attendance from a variety of organizations including Adobe, BlackBerry, Cisco, IBM, Intel, Itron, Lockheed Martin, Microsoft, NIST, NSA, Salesforce.com, Red Hat and others.
In the past I’ve said a perfectly operated cloud service that has vulnerabilities in it due to lackluster development processes isn’t going to help protect the data that cloud customers store and process in the cloud. As reported in the latest volume of the Microsoft Security Intelligence Report that was released just last week, the number of vulnerability disclosures across the entire software industry, including online services, has continued to trend down. Although this trend is heading in the right direction, it still means that there are thousands of software vulnerability disclosures every six months across the entire software industry.
The physical security of the data centers where cloud services are hosted is a very important aspect of security to all of the customers I talk to. After all, if an attacker can gain physical access to the hardware hosting a service and storing sensitive data, that attacker has a range of malicious options available to them including attempting to steal or damage services and data. It is mandatory for cloud providers to provide physical security controls for the services they manage on behalf of their customers.
Posted by: Steve Lipner, Partner Director of Program Management, Trustworthy Computing
This morning, I am sitting at the inaugural Security Development Conference 2012 in Washington DC listening to people from a diverse set of companies, government agencies and academic institutions sharing their own experiences with adopting a Security Development Lifecycle (SDL) process or learning how to accelerate adoption within their own organizations. As I watched the keynotes and sessions yesterday and see Scott Charney step onto the stage today, I am reminded of the early days at Microsoft when our customers were faced with security threats that challenged their trust in our products and services. Creating the SDL was an important step in combating these threats and to this day the SDL continues to help reduce the number and severity of vulnerabilities found in Microsoft’s products.
Earlier today Microsoft Trustworthy Computing announced the results of a study showing the security benefits U.S. small and mid-sized businesses (SMBs) gain from cloud computing. In this study we found that U.S. SMBs using the cloud had a comparative advantage over U.S. SMBs not using the cloud in the area of security efficiency.
I’m pleased to announce that U.S. SMBs aren’t alone in seeing improved security efficiencies from using the cloud. New data shows SMBs in Singapore have had similar experiences.
Posted by: Brendon Lynch, Chief Privacy Officer, Microsoft
Yesterday morning I read an article in The New York Times that described “How to Muddy Your Tracks on the Internet.” The article gives consumers some suggestions for addressing the complicated problem of managing the information left by one’s activities online. This information has many diverse components – website visits, searches, instant messages, e-mails, social-network postings, and so on – indicating personal organizational management, technology solutions, and continued attention at industry and government levels will be important for the foreseeable future.
At Microsoft, we embrace the concept of “privacy by design.” This includes building meaningful choices into our products and services to help consumers protect their privacy and limit their online information. With Internet Explorer 9 Tracking Protection Lists, customers can choose which third-party sites can receive their information and track them online. IE 9 also features In Private Browsing, a function that helps prevent web-browsing activity being retained by the browser. The Microsoft Personal Data Dashboard Beta gives consumers greater visibility and control of their Bing search history, as well as the ability to opt-out of personalized ads. And, Microsoft Hotmail does not scan the contents of customer e-mails to serve ads.
At this point you have likely seen some of our survey data on the improved security, cost savings and time savings associated with cloud security for small and mid-sized businesses (SMBs). We’ve shared specific data on SMBs inUnited States, Singapore, India, Malaysia and Hong Kong.
While each region had slightly different numbers, there’s a trend of security benefits stemming from the cloud. Looking at aggregate data from Singapore, India, Malaysia and Hong Kong SMBs makes this trend apparent.