Cloud Computing | Microsoft Trustworthy Computing Blog

Cloud Computing Security News and Guidance for Businesses and Organizations

March, 2013

  • Dependability in the Cloud

    Posted by Adrienne Hall, general manager, Trustworthy Computing

    What does it take to build a large-scale data center? In addition to arrays of servers, storage and network devices, a data center requires multiple systems to provide a reliable source of power, suitable environmental conditions, plus operations management to provision, monitor and secure the facilities. As cloud computing adoption continues to rise, and customers demand 24/7 access to their services and data, reliability remains a challenge for cloud service providers everywhere.

    Today Data Center Knowledge ran an article penned by my colleague David Bills, chief reliability strategist, that highlights customer needs for 24/7 access to cloud services and data and the challenges all cloud service providers face as they strive to provide highly available services. In his article, David states that consumers demand access 24 hours a day, seven days a week to their digital lives, and outages can have a significant negative impact on a company. However, the complex nature of cloud computing means that cloud service providers need to be mindful that things will go wrong — because it’s not a case of if, it’s strictly a matter of when. This means it’s critical for organizations to understand how best to design and deliver reliable cloud services. Bills bases his article on the experiences of Microsoft; managing a cloud-based infrastructure supporting more than 200 services, 1 billion customers, and 20 million businesses in more than 76 markets worldwide.

    I enjoyed David’s article and encourage you to read it, watch our cloud fundamentals video on reliability and share your thoughts on cloud computing via comments below.

  • Research Data to Help Understand the ROI of Your Security Investments

    By Adrienne Hall, general manager, Trustworthy Computing, Microsoft

    Many organizations and governments around the world struggle to quantify the value of making security investments in an environment of increasingly complex business models, fast-moving technology shifts and ever-more sophisticated cyber criminals.  In this fluid environment, it can be challenging to justify resources and budget for situations such as a security incident that did not interrupt business operations. Budget approvals often occur after an incident occurs and when the damage is already done.  Given this dynamic, and the need to keep customers protected from changes in the threat landscape, Microsoft has remained committed to producing threat intelligence that can help inform different security investments. 

    We have long reported on the changing threat landscape through the Microsoft Security Intelligence Report (SIR). In a new, Special Edition SIR report released last month titled “Linking Cybersecurity Policy and Performance,” we provide insight into different socio-economic factors that can influence cybersecurity outcomes. The study examines how socio-economic factors, such as GDP per capita, broadband penetration, mobile devices and Facebook usage correlate with cybersecurity outcomes as measured by regional malware infection rates. This data is designed to help organizations and governments better understand the potential impact socio-economic factors have on cybersecurity and serve to inform security investment decisions. 

  • Announcing Building Global Trust Online Volume 3

    Posted by Jacqueline Beauchere, chief online safety officer, Trustworthy Computing

    Today, I’m pleased to announce the release of the third volume of Microsoft’s popular policymaker booklet, Building Global Trust Online: Policymaker Guide to Privacy, Safety, and Security.  Volume 2’s individual documents were downloaded more than 100,000 times, and the 2013 edition has been translated into both French and German. 

    In addition to updates to well-read topics, including Online Bullying and Combating Botnets, in Volume 3, we’ve added a number of new safety-related topics, including:
    • Combating Human Trafficking
    • Combating Child Grooming Online
    • Parental Controls
    • Online Reputation, and 

  • Challenges and Opportunities in Defining Cybersecurity Norms

    Posted by Scott Charney, Corporate Vice President, Trustworthy Computing

    Today I will speak at George Washington University on a panel discussing the development of International Cybersecurity Norms.

    Developing cybersecurity norms is difficult process but essential for the future of cyberspace. For more than two decades, people have struggled to understand the cyber threat, evaluate the risks to individuals and organizations (including nation-states), and craft appropriate responses. Although many organizations have invested significantly in information assurance, most computer security experts believe that a well-resourced and persistent adversary will be successful in attacking systems, especially if raising defenses is the only response to an attack.

    Addressing cybersecurity threats is hard for many reasons, I outline six of these in my paper on “Rethinking Cyber Threat – A Framework and Path Forward”, but let me highlight 3 that are especially hard for governments as they try to think through international security challenges related to cybersecurity.

    · The Internet is a shared and integrated domain. It is shared by citizens, businesses, and governments in a manner that makes it difficult to segregate one group from another. Free speech, commercial transactions, espionage activities, and cyber warfare may be occurring in this shared and integrated domain, all at the same time and over the same transport medium. With a limited ability to parse actors and activities, tailored responses to specific threats are extremely hard to craft.

    · The potential consequences of an attack are very difficult to predict. Certain nefarious activity such as network scans or unauthorized system access may be a prelude to information theft, a data integrity breach, or a disruption of service. Moreover, the complex interrelationships between systems suggest that there may be unanticipated cascading effects, some which may be more severe than even the intended effect. Finally, while some attacks may be obvious (for example, a denial of service attack against a critical infrastructure) and generate a quick response, other attacks may be hard to detect. Much has been written about the exfiltration of data from sensitive systems; a more disconcerting scenario might be a alteration of critical data. Not only can this be difficult to detect, but it may be difficult to discern when the data was changed without authority, thus making it difficult to “roll back” to a known good state.

    · The worst-case scenarios are alarming. In the popular press, policy space, and think tanks, these scenarios include disrupting critical infrastructure services, impeding key economic functions, or imperiling public safety and national security. The complexity of these scenarios, which results in part from massive interconnectivity and dependencies between systems that are not always well understood, has made it difficult to develop a consensus regarding the probable consequences of an attack. As for our ability to recover quickly from such an attack, society’s increasing dependence on information technology systems and the data they contain may mean that there is no longer an existing manual process with trained people to fall back on.

    These challenges and the rapidly changing threat landscape has also raised concerns about the dangers of potential conflicts in cyberspace. According to the United Nations, there are more than 30 countries that have developed doctrine related to the use of cyberspace and some have developed cyber defense centers.[i] In response, there has been a substantial increase in government to government dialogue related to international cybersecurity.

  • Jeanette Wing: The Woman Asking All The Right Questions

    By Kim Sanchez, director, Trustworthy Computing Communications, Microsoft

    What do computer science and social issues have in common?  A lot more than might you think.  For starters, computer science is being used to help solve some of the toughest issues that we’re facing around the world.

    “Advances in computer science can be potentially transformative in sectors that make up the fabric of society: health care, transportation, energy, agriculture, and education,” says Dr. Jeanette Wing, Microsoft vice president and head of Microsoft Research International. 

     

    Within the computer science community, Dr. Wing is well-known for her advocacy of  “computational thinking,” an approach to problem solving, designing systems and understanding human behavior that draws upon concepts fundamental to computer science.  It’s about asking the right questions combined with the important skills that most subjects help develop, like creativity, ability to explain and team work.  Dr. Wing sees it as a “universally applicable attitude and skill set that everyone, not just computer scientists, should be eager to learn and use.”

    In her three-page article in the Communications of the ACM entitled Five Deep Questions in Computing she asks thought provoking questions to the computer-science community in order to start a specific dialogue around problem solving using key science drivers.

    - Is there a complexity theory for analyzing our real-world computing systems
    as there is for the algorithms we invent?

  • New Videos Highlight Fundamentals of Service Reliability

    Posted  by David Bills, Chief Reliability Strategist, Trustworthy Computing

    Today we published a new video series, ‘Fundamentals of cloud service reliability’. Designing and delivering reliable services is complex, and this series highlights the fundamentals of designing for service reliability and complements our recent whitepaper ‘An introduction to designing reliable cloud services’.  Together, these pieces aim to be the catalyst for further discussions among services teams within organizations, as well as the industry itself.

    The series consists of three short videos:
    1.      ‘What is cloud service reliability?, discusses reliability and presents four goals cloud service providers should consider to make their customers happy.
    2.      ‘Addressing common cloud service issues’, discusses the common causes of service failure and core design principles to help reduce the likelihood and severity of outages when they happen.
    3.      ‘Designing for and responding to cloud service issues’, discusses a process to help cloud service providers design cloud services to meet customers’ expectations.

  • Washington School Takes Aim at Online Bullying

    Posted by Jacqueline Beauchere, Director, Trustworthy Computing Communications, Microsoft

    As incidents of online meanness and cruelty continue to garner media attention, and children worry about becoming targets, parents, educators,  and school districts must continue to band together to help kids stand up to online bullying.     
    Recently, I participated in a local high-school event in Washington State, where 1,500 students, educators, and available parents discussed the realities of online bullying.   In an ad hoc poll taken by one of the students at an assembly, well over half the student body stood up to acknowledge that they had, in fact, been mean to or bullied someone else online.     

    This visual demonstration from the students is not unlike what Microsoft has witnessed around the world.   Last June, we released results of a 25-country survey of youth aged eight to 17, asking them about some of the negative behaviors they’ve experienced online.  More than half (54 percent) told us they were worried about being bullied online.  Contrast that with only 29 percent who said their parents have talked to them about the issue. 

    Teens are 43 percent more likely to be mean online, compared to eight to 12 year olds, the data show.  I shared this point with the students because they have the power – with the help of others – to help keep these numbers from climbing.  School programs like this one that bring together parents, students, educators, and technology leaders, are a step in the right direction.  They allow everyone involved the opportunity to share their thoughts, insights, data, guidance, and resources to work toward a common goal.

    It’s much like the positive goal of “A Platform for Good” (PfG), a project of The Family Online Safety Institute (FOSI), which is asking everyone to pledge to use their power for good.  The pledge consists of a simple but powerful statement: "I will use my power for good," and will support teens and parents in using the Internet to create a movement of positive interactions - from reaching out to old friends, sharing compliments, or becoming virtual volunteers.