Cloud Computing | Microsoft Trustworthy Computing Blog

Cloud Computing Security News and Guidance for Businesses and Organizations

May, 2012

  • Microsoft Office 365 Receives FISMA Certification

    Posted by: Richard Saunders, Director, Trustworthy Computing

    Last week, Microsoft Office Division announced that Office 365 was given Authority to Operate under the Federal Information Security Management Act (FISMA) by the Broadcasting Board of Governors.

    As you might expect, governments are at the vanguard of most things security related. Entrusted to act in the public’s name and for the public interest, governmental agencies need to be sure that the technology they use for essential functions is secure and trustworthy. As part of this, in the U.S. the U.S. government has FISMA; a certification validating that a given IT solution has federal agency approval for use based on its level of security.

  • Cloud Fundamentals Video Series: Evolving Identity Requirements

    Posted By: Tim Rains, Director, Trustworthy Computing 

    A key topic when it comes to security is identity.  But, the laws of identity tell us “the Internet was built without a way to know who and what you are connecting to…Since this essential capability is missing, everyone offering an Internet service has had to come up with a workaround. It is fair to say that today’s Internet, absent a native identity layer, is based on a patchwork of identity one-offs.”

    Social networks like Facebook and LinkedIn have become central to theone of the primary ways in which people communicate and socialize online.  At the same time there has been a steady proliferation of mobile devices like smart phones that more and more people are using to communicate with and connect to the internet.  In addition, cloud based services are being adopted by more and more consumers and organizations.  Identity is an important ingredient in each of these scenarios as well as at the intersection of them; many customers would like to be able to use multiple identities, including those used on social networks and those in their organization’s on-premise Active Directory, to access public and private cloud services from any device they choose to use.

  • Microsoft Can Help You Manage Your Online Information

    Posted by: Brendon Lynch, Chief Privacy Officer, Microsoft

    Yesterday morning I read an article in The New York Times that described “How to Muddy Your Tracks on the Internet.” The article gives consumers some suggestions for addressing the complicated problem of managing the information left by one’s activities online. This information has many diverse components – website visits, searches, instant messages, e-mails, social-network postings, and so on – indicating personal organizational management, technology solutions, and continued attention at industry and government levels will be important for the foreseeable future.

    At Microsoft, we embrace the concept of “privacy by design.” This includes building meaningful choices into our products and services to help consumers protect their privacy and limit their online information. With Internet Explorer 9 Tracking Protection Lists, customers can choose which third-party sites can receive their information and track them online. IE 9 also features In Private Browsing, a function that helps prevent web-browsing activity being retained by the browser. The Microsoft Personal Data Dashboard Beta gives consumers greater visibility and control of their Bing search history, as well as the ability to opt-out of personalized ads. And, Microsoft Hotmail does not scan the contents of customer e-mails to serve ads.

  • Cloud Fundamentals Video Series: Operational Security versus Secure Development Practices for the Cloud

    Posted By: Tim Rains, Director, Trustworthy Computing

    In the past I’ve said a perfectly operated cloud service that has vulnerabilities in it due to lackluster development processes isn’t going to help protect the data that cloud customers store and process in the cloud.  As reported in the latest volume of the Microsoft Security Intelligence Report that was released just last week, the number of vulnerability disclosures across the entire software industry, including online services, has continued to trend down.  Although this trend is heading in the right direction, it still means that there are thousands of software vulnerability disclosures every six months across the entire software industry.