Cloud Computing | Microsoft Trustworthy Computing Blog

Cloud Computing Security News and Guidance for Businesses and Organizations

October, 2012

  • Online Fraud: Your Guide to Prevention, Detection, and Recovery

    By Jacqueline Beauchere, director, Trustworthy Computing

    As we near the end National Cyber Security Awareness Month 2012 (NCSAM), we continue our focus on the problem of online fraud.  Online schemes victimize millions of unsuspecting people every year. In the United States alone, the FBI’s Internet Crime Complaint Center recorded 300,000 fraud complaints last year with an adjusted dollar loss of nearly half a billion dollars. 

    Earlier this month, Microsoft released our Scam Defense Survey, which revealed that the top five most common scams encountered by adults in the U.S. were lottery scams, advance-fee fraud, phishing attacks, and fake anti-virus alerts.  The results demonstrate the need for individuals to take action and help safeguard their digital lifestyles by highlighting the evolving complexity and sophistication of these schemes.  Case in point: 62 percent of people surveyed said they doubt they’ll ever fall victim to an online scam, yet only 12 percent said they feel fully protected.

    Today, Microsoft is releasing a new 12-page booklet to arm consumers with the knowledge they need to help avoid the most common types of online scams.

  • Executive Women’s Forum 2012: Security, Privacy and Risk Management Pros Share Time and Talent

    Posted by Adrienne Hall, general manager, Trustworthy Computing

    10+ years ago Joyce Brocaglia, CEO of high-end recruiting firm Alta & Associates was having dinner with Spencer F. Katt, a prolific columnist for the former PC Week, now eWeek. Throughout their lively conversation the topic of finding people for key roles in these IT specialties came up as a difficult task. The prospect of finding a number of candidates to round out executive teams was a challenge too.  In particular, Joyce was adamant that talented women existed for a spectrum of positions, while she also acknowledged that tracking down the talent and following the network wasn’t as easy as just going to security events.

    In part stimulated by similar conversations, and in part because she saw an opportunity to fill an unmet need, a few years later Joyce started up The Executive Women's Forum (EWF) as a way to tap into the talent pool while delivering benefit to the participants themselves in a number of ways. It has been fun to watch this community grow in size and capability, most notably during the recent ten-year celebration conference in Scottsdale, Arizona.  The EWF is now a prominent community of over 750 of the nation’s most influential female executives in the fields of Information Security, Privacy, and Risk Management. This group provides a home base for women to grow their professional skills and build networks, log certification credits and gather business information on lessons learned, trends and tips from top practitioners.

  • Stand-Up Against All Bullies: A Spotlight on National Bullying Prevention Month

    By Kim Sanchez, director, Trustworthy Computing Online Safety

    “The End of Bullying Begins with Me.”  That’s the message during National Bullying Prevention month this October. An organization called PACER started the anti-bullying campaign in 2006 to bring awareness to bullying prevention efforts.  Bullying commonly thought of as a “rite of passage,” for children has long term consequences.  Children who are bullied are likely to experience depression, anxiety, increased feelings of sadness and loneliness, changes in sleep and eating patterns, and loss of interest in activities they used to enjoy.  These issues may persist into adulthood. 

    It’s hard to know if childhood bullies grow up to be bullies in the workplace as we typically think of bullying as something school-aged kids experience.  However, a recent survey from Career Builder indicates that workplace bullying is on the rise.  The survey found thirty-five percent of workers said they have felt bullied at work, up from 27 percent last year.  Sixteen percent of these workers reported they suffered health-related problems as a result of bullying and 17 percent decided to quit their jobs to escape the situation.  The survey was conducted online by Harris Interactive© from May 14 to June 4, 2012 and included more than 3,800 workers nationwide.

    Who are the bullies?  Of workers who felt bullied, most pointed to incidents with their bosses (48 percent) or coworkers (45 percent), while 31 percent have been picked on by customers, and 26 percent by someone higher up in the company other than their boss.

  • Global Exchange of Cyber Security Ideas and Knowledge at RSA Europe

    Posted by Richard Saunders, director, Trustworthy Computing

    Last week I was in London for RSA Europe. As ever, there was a rich exchange of opinion on security best practices and solutions reinforcing, if ever we could forget, cyber security as a topic with universal relevance.

    In his opening keynote Art Coviello referred to October being the U.S. National Cyber Security Awareness Month (NCSAM), which is marked by a series of events to provide consumer education and guidance for improved online safety and security. As part of our contribution to NCSAM we announced the results of a scam defense survey, which shares the top five most common scams that impact adults in the U.S. Of course, the U.S. is not alone in this effort. For example, I recently spoke to a colleague in Italy about the Global Cyber Security Center (GCSEC), a not-for-profit organization that develops and disseminates knowledge and awareness on cyber security issues to improve skills, cooperation and communication between groups involved in the use and protection of the Internet.

  • Fault Modeling for Cloud Services

    Posted by David Bills, chief reliability strategist, Trustworthy Computing

    Over the past couple weeks I have posted blogs talking about service reliability organizational goals, as well as causes of service outages and the associated mitigation strategies.  Today I’d like to share some insight into just one of the methods Microsoft uses to design and build cloud services to help ensure our services can respond gracefully to outages. It’s not a new concept, but one that I believe is useful for providers and customers alike to be thinking about.

    Just as threat modeling is an important step in the design process when security-related issues are being evaluated, fault modeling is an important step in the design process for building reliable cloud services. It’s about identifying the interaction points and dependencies of the service and enabling the engineering team to identify where investments should be made to ensure the service can be monitored effectively and issues detected quickly. And, in turn, even guiding the engineering team toward effective coping mechanisms so the service is better able to withstand, or mitigate, the fault.

  • RSA Europe: Risks and Rewards in Cloud Adoption

    Posted by Adrienne Hall, general manager, Trustworthy Computing

    I just got off the stage at RSA Europe in London where I delivered a keynote during which I announced the release of our bi-annual Security Intelligence Report (SIRv13) and a new free Cloud Security Readiness Tool. If you’ve ever been to an  RSA event you’ll know that the audience comprises security professionals from a range of organizations, including government agencies and some of the world’s largest companies.

    Faced with an audience of around 1,000 IT security pros I kicked off with a story about a recent holiday - not the traditional start to an RSA talk. I explained how, in a restaurant in the middle of a tiny town on a remote island off the coast of Croatia I heard a local news report that mentioned the Gauss malware several times.

    The point of my story was that cyber threats are increasingly an everyday fact of life for the world’s consumers. For us as security professionals, information and intelligence will continue to be critical to managing the potential impact of cyber threats. This is why we at the Trustworthy Computing Group work hard to produce the Microsoft Security Intelligence Report (SIR), the 13th volume of which, also known as SIRv13, was released during my keynote today.

  • Building Greater Global Capacity for a Safer Cyberspace

    Posted by: Paul Nicholas, senior director, Trustworthy Computing

    Earlier this week at the Budapest Conference on Cyberspace 2012, the UK Government announced the establishment of the Centre for Global Cyber-Security Capacity Building. In an effort to combat the growing global cyber threat problem, the Centre will focus on areas such as fostering greater international collaboration, increasing access to security expertise and information sharing, and promoting good governance practices online. This effort comes at a critical inflection point in cyberspace driven by the widespread adoption of technology.  According to the World Economic Forum, 70 percent of the world’s population lives in countries that are in the process of coming online.

    Recent Internet research shows the online population is expected to grow to over three billion people in 20161; devices will likely exceed 50 billion2; and overall data may increase more than 50 times by 20203. The continued growth in people, devices, and data becomes an attractive target for criminals who seek to gain access to valuable information or in some instance disrupt operations. Clearly, the benefits of using the Internet far outweigh the risks, but in order to create safer, more trusted computing experiences, the private sector and governments must work together.

  • Cybersecurity Norms and the Public Private Partnership: Promoting Trust and Security in Cyberspace

    Posted by Matt Thomlinson, general manager, Trustworthy Computing

    This week I participated in the Budapest Conference on Cyberspace 2012  and also spoke at the Atlantic Council’s evening event  entitled “Toward a Secure Cyber-Future: Building a Public-Private Partnership for Cybersecurity Norms.”[1]  During both events, I stressed the importance of public-private partnership at the international level and the need to ensure that the private sector had a voice in the key discussions occurring around confidence-building measures and cybersecurity norms.

    Cybersecurity policy is increasingly an international challenge. From 2000-2010 much of cybersecurity policy development has occurred within nation states and, in many instances, the policy development process leveraged public-private partnerships.

    To date, most international discussions on cybersecurity have been largely between governments.  This is the right starting place, as governments need to think through the cybersecurity implications of a connected world. Today industry creates and operates most of the infrastructure that enables cyberspace. Industry continues to innovate and build best practices and technical cybersecurity norms including: vulnerability disclosure management, secure development, security incident response, and risk management. Therefore, these global conversations on cybersecurity would also benefit from a private sector perspective that can help governments think through the technical challenges and priorities involved in securing billions of customers using the Internet around the world.

  • U.S. Kicks Off Cyber Security Awareness Month

    Posted by Jacqueline Beauchere, director, Trustworthy Computing Communications, Microsoft

    Omaha, Nebraska is the site of this year’s official launch of National Cyber Security Awareness Month (NCSAM). At the kickoff, and in the 30 days to follow, government officials and industry leaders will remind individuals, families, and businesses to do their part to help make the Internet safer for all.

    As an active member of the National Cyber Security Alliance (NCSA), Microsoft participates in NCSAM each year, supporting and sponsoring various events and activities. The Omaha launch will feature remarks by local, state, and national leaders, followed by a series of industry-led instructional sessions aimed at small and mid-sized businesses. From safeguarding company networks and developing security policies, to protecting business assets and educating employees, security and business leaders from top corporations will share tips and guidance. Microsoft will conduct a session on Internet security in the workplace, showcasing our free toolkit for businesses.