Posted by: Brendon Lynch, Chief Privacy Officer
As we increasingly rely on technology for many aspects of our lives, the amount of data created continues to grow at an exponential rate. An important challenge for organizations is to provide privacy statements describing the collection, use and protection of data that are straightforward, yet comprehensive. Clarity and simplicity are key for time-pressed consumers, but large enterprises, governments, and other high-tech savvy individuals often need highly detailed information to use online services with confidence.
With each of these audiences in mind, we are unveiling initial improvements to the look and feel of many of our online privacy statements. We believe the changes enhance the appearance and functionality of our privacy statements, and enable us to more effectively layer important information. Our hope is that the changes will make privacy information easier to locate and use for many consumers.
Posted by: Tim Rains, Director, Trustworthy Computing
In this blog series, I have talked to quite a few people on the topics of security, privacy, and reliability as they relate to cloud computing. For this post, I had an opportunity to talk with Scott Charney, Corporate Vice President for Trustworthy Computing at Microsoft, to get his perspective on the current state of cloud computing. In my discussion with Scott, he talks about how the Internet has become a multi-tenant cloud outsourcer that “offers an amazing ability to aggregate, analyze and discriminate data at far greater scale than ever before.” Although this provides many great advantages, it also increases the complexity of knowing where and in what layers a single data stream gets shared. This is important, because many customers must comply with laws and regulations about ensuring the privacy of their data.
Lori Woehler, senior director in the Microsoft World Wide Public Sector team, joins me to discuss how Microsoft World Wide Public Sector works with government, health care, education, public safety, and national security customers globally.
Posted by: Brendon Lynch, Chief Privacy Officer, Trustworthy Computing
Not long ago, the IT industry wondered if privacy concerns would prevent small and midsize businesses (SMBs) from moving to the cloud. Today, I’m pleased to share findings of a new Microsoft-sponsored study that indicates that is not the case. Rather, SMBs are using data protection as a way to evaluate potential cloud providers.
Overall, the survey, which focused on privacy in the cloud, shows that SMBs are attracted by the opportunity to improve efficiency, while cutting IT costs. As a result, they are rapidly adopting cloud computing. They continue, however, to express concerns. Among the survey’s noteworthy findings....
Posted by: Dave Forstrom, Director, Trustworthy Computing
A year ago this week we extended a challenge to the security community: a challenge to be unconventional; a challenge to look beyond the norm. Rather than reward a continued focus on finding individual problems (which we all know will exist; it’s the nature of the software industry), we wanted to inspire new lines of research and incent a focus on innovative solutions that can mitigate entire classes of attacks.
We created the BlueHat Prize — a program aimed at nurturing innovation in exploit mitigations intended to address serious computer security threats. Interest by the security community was overwhelmingly positive. This was something new and different, which the industry needs to help solve hard security problems. We received 20 qualified submissions, all with unique and interesting approaches to solving challenging security issues. Proposals came from around the world and spanned the entire industry from the research community to academia. The finalists all chose to create mitigations that prevent Return Oriented Programming (ROP) exploits from succeeding. This is an area where we’re seeing a lot of attacks lately, so it’s encouraging to see a collective focus here.
It’s been an exciting week here at Black Hat in Las Vegas with security researchers presenting on the latest trends and issues impacting networks and systems. Last night Microsoft recognized the BlueHat Prize winners at our Researcher Appreciation Party. I’m pleased to share we have already incorporated one of these winning technologies into our Enhanced Mitigation Experience Toolkit (EMET) 3.5 technology preview. It’s great to see an initiative to collaborate and share innovations a year ago evolve into prototypes with one now available this quickly as a new freely available computer security tool. Even in an enterprise that is fully updated against known vulnerabilities, EMET provides defenses that protect assets from the yet unknown threats. EMET can easily be used on home machines to protect against known, and unknown, vulnerabilities. The new Technology Preview of EMET was made available July 25.
Posted by: Adrienne Hall, General Manager, Trustworthy Computing
Last May I traveled to Singapore, Malaysia and Hong Kong to meet with customers and reporters. I was interested to hear their perspectives regarding cloud services while sharing a recently completed a study on small to midsize businesses’ (SMBs) experiences with security in the cloud. This data indicated SMBs in Asia view cloud security positively. For example, 54 percent of respondents said their business was more secure as a result of moving to the cloud. (See infographic)
Posted by: Richard Saunders, Director, Trustworthy Computing
Today we want to introduce you to David Bills, Microsoft’s Chief Reliability Strategist. In this profile series we give an inside look at the Trustworthy Computing team by informally interviewing team members about what they do in and out of work. David is the fourth person we’ve interviewed in this series (previously: Adrienne Hall, Steve Lipner and Brendon Lynch).
Over the past few weeks, I have provided a recap of the Security Development Conference 2012 in a series of articles. These articles include video interviews with Richard A. Clarke, former Special Advisor to the President for Cyber Security, General Michael V. Hayden former Director, U.S. Central Intelligence Agency and U.S. National Security Agency and Scott Charney, Corporate Vice President of Trustworthy Computing, Microsoft. In this final post of the series I thought it would be appropriate to conclude by focusing on the attendees and some of the organizations they represented - sharing some of their perspectives on the conference and a compilation of interviews with some of these folks.