Cloud Computing | Microsoft Trustworthy Computing Blog

Cloud Computing Security News and Guidance for Businesses and Organizations

April, 2013

  • SMB CTO Reports on Security Management and Green IT with the Cloud

    Posted by Adrienne Hall, general manager, Trustworthy Computing with special guest Bobby Jimenez, chief technology officer of Sindicatum Sustainable Resources

    The cloud continues to transform the way organizations do business. CIOs are identifying business priorities and gaining IT efficiencies such as rapid deployment and the flexibility to grow and contract as their needs change over time.

    The security features in Office 365 are helping organizations positively offset their historical security management budget and thus freeing up IT personnel to work on projects that are directly focused on their core business.

    Last year I met with Bobby Jimenez, chief technology officer of Sindicatum Sustainable Resources, in Singapore about his company’s move to the cloud and today he reports on green IT, reduced costs and time efficiencies gained through Office 365. In his words, Mr. Jimenez shares his cloud experience:

  • Microsoft Releases Security Intelligence Report (SIR): New Data and Analysis on the Threat Landscape

    Posted by Adrienne Hall, general manager, Trustworthy Computing

    Today Microsoft releases volume 14 of the Microsoft Security Intelligence Report, which provides trends and insights on security vulnerabilities, exploit activity, malware and potentially unwanted software, spam, phishing, malicious websites, and security trends from 105+ locations around the world. This SIR focuses on the threat landscape in the second half of 2012 and includes trend data from previous periods.

    Here’s a short summary of what you will find in the latest SIR data: industry-wide vulnerability disclosures are down; exploit activity has increased in many parts of the world; several locations with historically high malware infection rates saw improvements, but the worldwide malware infection rate increased slightly. Windows 8 has the lowest malware infection rate of any Windows-based operating system observed to date; Trojans continue to top the list of malware threats; spam volumes went up slightly; and phishing levels remained consistent.

    We’ve also included some new, previously unpublished data in this volume of the report that helps quantify the value of using antimalware software. Characterizing the value of security software in a way that resonates relative to other IT investments persists as a challenge for many organizations; especially those who have successfully avoided a security crisis for a long period of time. The value of antimalware software is often the source of discussion by Security professionals. 

    Based on telemetry from over a billon systems around the world, Volume 14 returns the data on malware infection rates for unprotected systems versus systems that run antimalware software.  The verdict is in: systems that run antimalware software have significantly lower malware infection rates, even in locations with the highest malware infection rates in the world.  This data will likely help many people understand the value of using antimalware software – which we continue to consider a best practice and strongly recommend to all of our customers.

    I hope you find this volume of the Microsoft Security Intelligence Report useful and enlightening. I also encourage you to visit http://microsoft.com/sir and read my colleague Tim Rains’ Official Microsoft Blog post. Please let us know your thoughts about the latest SIR by commenting below.

  • Men or women - Who is better when it comes to their mobile manners?

    Posted by Kim Sanchez, director, Trustworthy Computing Communications, Microsoft

    Chances are you have your mobile phone with you right now. These devices allow us to keep pace with the demands of our busy digital lifestyles. They also allow us to tell everyone, everything, all the time. There are multiple opinions on the breakdown of social etiquette due to oversharing information, but there’s no denying that certain mobile phone behaviors are not only annoying, they may even be risky.

    Whether it’s loud talkers or not silencing a phone during a movie, some mobile manners like pocket dialing someone because your phone isn’t locked, or tagging photos without permission, may put personal information at risk. But who is better at protecting their personal information? Men, or women?

    At Microsoft, we want to know what you think. That’s why we’re kicking off our Mobile Manners and Mayhem Facebook poll. Rank your biggest mobile phone pet peeves and tell us your own mobile mayhem story. On May 20, we’ll release the results and reveal who is better at protecting themselves online, men or women.

    At a very young age, we are taught to share.  Share our toys, our thoughts, our gratitude.  But in today’s digital society, all this oversharing online, may put us in harm’s way. Your personal information is a valuable commodity to criminals and, just like your personal computer, your mobile phone is equally attractive to those who would misuse this information.

  • Designing Dependable Cloud Services

    Posted by Adrienne Hall, general manager, Trustworthy Computing

    Today another Data Center Knowledge article posted by my colleague David Bills, chief reliability strategist, covering guiding design principles for cloud services. In the article, he explains the cultural shift and evolving engineering principles Microsoft employs to help improve the dependability of services.

    David says service providers need to identify as many potential failure conditions as possible in advance and account for those during the service design phase. During this phase, design teams can also consider new dynamics such as technological advances that test performance limits, the interplay of applications, and broader industry trends.  This careful planning helps us decide exactly how the service is supposed to react if and when the unexpected occurs.  The goal is for services to be able to recover from these failure conditions with minimal to zero interruptions.

    David suggests that cloud services teams employ failure mode and effects analysis to help build redundancy into cloud services. This type of analysis indicates that efforts to simplify physical infrastructure and utilize software to build resiliency into cloud services. I recommend reading David’s article and his prior Data Center Knowledge article. Both articles draw upon David’s experiences with our cloud-based infrastructure supporting more than 200 services, 1 billion customers, and 20 million businesses in more than 76 markets worldwide.

  • CIOs Consider: Can Cloud Services Deliver a Security and Privacy Silver Lining?

    Posted by Adrienne Hall, general manager, Trustworthy Computing

    Business leaders need information, tools and research to understand if adopting the cloud can deliver advantages lower IT costs, increased efficiencies, and greater flexibility.   They’re also reviewing whether the integration of cloud services into their overall IT roadmap helps address cybersecurity and privacy concerns.

    Recent Wall Street Journal and Forbes news reported CIOs sentiment as follows: 

    • CIOs are being understandably detailed in their review of SLAs with cloud providers to ensure privacy and security concerns are being addressed.
    • Cloud skeptical CIOs are running low-risk pilots to prevent vendor lock-in and evaluate portability.
    • CIOs are seeking out vendors who provide insight and analysis, along with hard data, on the benefits of cloud adoption. 

    For business leaders who are evaluating cloud security and privacy, I recommend a few resources to help inform decisions. The US-CERT’s recent Cybersecurity Questions for CEOs paper and the Cloud Security Alliance’s (CSA) Critical Areas of Focus in Cloud Computing guidance provides a road map with a focus on security to adopting cloud services. I also recommend a perusal of the CSA’s Security, Trust & Assurance Registry (STAR) which documents the security controls provided by various cloud computing offerings, thereby helping business leaders assess the security of cloud providers they currently use or are considering contracting. Microsoft cloud services are in the STAR to ensure customers have the information they need to assess security and privacy capabilities.

    Organizations are utilizing Microsoft Office 365 for cloud based email, calendaring, collaboration, and conferencing to improve communication and collaboration. Enterprise cloud customers are increasing the delivery of new services to their business; enhancing server security and availability; and reducing network and server fixed costs.

    Movement to the cloud represents an adaptive progression of IT strategy over time.

  • Building “Cloud Scale” Data Centers and the Role of Resilient Software

    Posted by Adrienne Hall, general manager, Trustworthy Computing

    A new Data Center Knowledge article posted today by David Gauthier, director of data center architecture for Microsoft Global Foundation Services. In the article, David describes the early days of data center operations which had a heavy reliance on complex hardware redundancy. He then goes on to discuss  today’s software design and architecture that now drives Microsoft’s cloud scale data center service availability.

    I recommend this evolutionary piece. It sheds light on the role and revolution of software that has vastly become the key driver of service availability. Next week I’ll highlight a few insights from my colleague David Bills (Chief Reliability Strategist) who will pen another Data Center Knowledge story on the cultural shift and adaptive engineering principles that we’re using to help improve the dependability of our cloud services.