By Adrienne Hall, General Manager, Trustworthy Computing
“There is no such thing as a secure cloud,” according to Greg Ferro, who moderated the panel discussion in which I participated at the GigaOM Structure: Europe conference. And so began a lively conversation with Greg and other industry pros.
During the panel I described three broad categories of ongoing work in relation to cloud offerings: 1) development – how we create the software behind the service, 2) data center security – how we protect the operational environment in which services are running, and 3) incident response – how we manage services if and when the unexpected occurs.
After the panel, I was asked a few follow-on questions about Microsoft’s Security Development Lifecycle (SDL), a security assurance process that introduces security and privacy into all phases of development. It has been a mandatory policy at Microsoft since 2004.
There’s no question in my mind that the wholesale adoption of this approach has helped reduce the number and severity of vulnerabilities. It also reduces costs by discovering and addressing potential security and data privacy issues early in the design phase, where changes can be made with less disruption to the overall project.
I’m really excited to be in London for the GigaOM Structure: Europe conference, which kicks off tomorrow. Not only is London one of my favorite places to visit, but the conference has a great agenda.
I’m looking forward to participating in the panel discussion “Mission not so impossible: a truly secure cloud?” and hearing from my fellow panelists.
Greg Ferro - Network Architect, Ca and Analyst, GigaOM Research
Joe Baguley - CTO, EMEA, VMware
Gavan Egan - VP Sales, Verizon Terremark Europe
Hila Meller - Head of Security Strategy EMEA, CA Technologies
You can watch my panel live, Sept. 19 at 11:20 a.m. BST (3:20 a.m. PT) on the conference site. Click “WATCH NOW”. Our team will be sharing updates on Twitter throughout the conference and I’ll report back once it’s over. And if you’re there, I look forward to seeing you in person!
By David Bills, Chief Reliability Strategist, Trustworthy Computing
Things will go wrong – it’s not a matter of if, but strictly a matter of when. In my role, a large part of my focus is working with teams across Microsoft to identify the types of things that can go wrong in the complex ecosystem that makes up the cloud (everything from infrastructure to networks, to software - even administrator error), and build resilience into our services to ensure the impact - when things do go wrong - is minimized.
But if an organization truly wants to be resilient, there are many other facets of risk to consider.
This month Asia Futures magazine has published an article on organizational resilience, in which Pierre Noel, chief security officer and advisor, Microsoft Asia, shares his thoughts on the topic. The article looks at what it takes for an organization to be resilient, how to effectively plan for and mitigate disaster, and some of the specific challenges and opportunities on the theme of resilience.
Regulatory compliance and managing security risks are two important challenges facing IT professionals today. From the Chief Information Security Officers (CISOs) we talk to, there’s steady interest in hearing more on these topics.
At Trustworthy Computing, we’re fortunate to have access to some of the best and brightest security minds – including security executives from around the world as well as our own internal experts. To help share that expertise with the broader security community, we’ve recently released two “CISO Perspectives” articles covering Risk and Compliance in the Cloud.