Posted by: Dave Forstrom , Director, Trustworthy Computing A year ago this week we extended a challenge to the security community: a challenge to be unconventional; a challenge to look beyond the norm. Rather than reward a continued focus on finding individual problems (which we all know will exist;...

Posted by: Tim Rains , Director, Trustworthy Computing I have written more than a few articles on this blog focused on why it is important to provide visibility into how cloud services are being operated by cloud providers, particularly where security controls are concerned. Security of cloud services...

Posted by: Tim Rains , Director, Trustworthy Computing Earlier this month, I wrote about reliability and the importance of customers knowing what measures their cloud provider has in place to deal with incidents and events that may compromise reliability when they occur. Because many customers...

Posted By: Tim Rains , Director, Trustworthy Computing Security standards for cloud computing are of high interest to many organizations around the world eager to adopt cloud services that are implemented and operated using a standards based approach. Cloud providers that choose to leverage existing...

Posted by: Tim Rains , Director, Trustworthy Computing Last week I shared some details about the Security Development Conference 2012 for those unable to attend. I also provided a recap of Richard Clarke’s keynote and included a video interview in which Richard shared his perspective on the...

Posted by: Tim Rains , Director, Trustworthy Computing Earlier this month I attended the Security Development Conference 2012 (SDC 2012). As Steve Lipner, Partner Director of Program Management, Trustworthy Computing, Microsoft wrote in his article about the event , the conference enabled people from...

Posted by: Tim Rains , Director, Trustworthy Computing It goes without saying that the physical security of the data centers where cloud services are hosted is a very important aspect of security to all of the customers I talk to. After all, if an attacker can gain physical access to the hardware...

Posted By: Tim Rains , Director, Trustworthy Computing A key topic when it comes to security is identity. But, the laws of identity tell us “the Internet was built without a way to know who and what you are connecting to…Since this essential capability is missing, everyone offering...

Posted By: Tim Rains , Director, Trustworthy Computing In the past I’ve said a perfectly operated cloud service that has vulnerabilities in it due to lackluster development processes isn’t going to help protect the data that cloud customers store and process in the cloud. As reported in...

By: Tim Rains , Director, Trustworthy Computing Consumers of cloud services generally don’t get to see the layers of technology that they rely on. For many, this seamless delivery is part of the value proposition of cloud computing; depending on the type of deployment, customers expect their...

Posted by: Tim Rains , Director, Trustworthy Computing I have been asked more than a few times whether I think there are too many people involved in developing cloud security standards and best practices. The underlying concern is that when too many people get involved, the process of developing...

Posted by: Tim Rains , Director, Trustworthy Computing If you have been following our Trustworthy Computing Cloud Fundamentals Video Series you have probably seen at least two videos where we discuss the importance of transparency in cloud security controls. In addition, we have shared how the Cloud...

By: Tim Rains , Director, Trustworthy Computing Earlier in this series I wrote about transparency and how the Cloud Security Alliance’s (CSA) Security Trust and Assurance Registry (STAR) provides cloud customers with some insight into how cloud providers are managing the security controls...

By: Tim Rains , Director, Trustworthy Computing The consumerization of IT, referred to by many people as “Bring Your Own Device” (BYOD), is a very hot topic these days as organizations grapple with the challenge of managing the risks in allowing their data to be placed on personal mobile...

Posted by: Jim Reavis , Executive Director, Cloud Security Alliance For our industry, the RSA Conference is the Oscars, a political convention and a college reunion, all rolled into one. We spend months preparing for this one week, and out of this one week comes a year’s worth of new initiatives...

Posted by: Tim Rains , Director, Trustworthy Computing Twice a year we produce the Microsoft Security Intelligence Report (SIR) – an incredibly detailed view into the threat landscape and threat trends in 100+ countries around the world. One piece of data that tends to catch people’s attention...

Posted by: Tim Rains , Director, Trustworthy Computing Many organizations want to take advantage of the cloud, but the data within existing services often contains a mix of the organization’s high, moderate, and low impact data. In this next installment of Trustworthy Computing’s Cloud...

Posted by: Tim Rains , Director, Trustworthy Computing Electronic discovery, or e-discovery, is a hot topic among security professionals whose organizations are using cloud services or are evaluating using cloud services in the future. When there is a need to perform forensic investigations to...

Posted by: Tim Rains , Director, Trustworthy Computing If you’ve been following our Cloud Fundamentals series, you’ve heard me discuss why transparency is important for both cloud service providers and their customers. Another important aspect of this theme that customers have discussed...

Posted by: Matt Thomlinson, General Manager, Trustworthy Computing Security Today, I am excited to announce the inaugural Security Development Conference will be held in Washington D.C. on May 15-16. This event will bring together business decision makers, security engineers, managers of software...

Posted by: Tim Rains , Director, Trustworthy Computing Benchmarks and evaluation standards for cloud computing security is a topic that is top of mind for many organizations that are evaluating the potential uses of this new computing paradigm. Many of the customers I have talked to say they would...

Posted by: Tim Rains , Director, Trustworthy Computing Security industry associations are a very important part of the computing ecosystem. Among other things they provide education, training and certification for security professionals, develop and share benchmarks and security best practices...

Posted by: Tim Rains , Director, Trustworthy Computing Communications I attended the second annual Cloud Security Alliance Congress event a couple of weeks ago in Orlando Florida and wanted to pass on some of what I learned. The Cloud Security Alliance (CSA), of which we are a member, was founded...

Posted by: Jacqueline Beauchere , Director, Online Privacy and Safety * Click on graphic for larger view. Before I go any further, I want to assure you that this is a legitimate Microsoft blog, and that I genuinely work for the company. If you’ve received an unsolicited phone call from...

Posted by: Adrienne Hall , General Manager, Trustworthy Computing We might not be able to predict the unknown, but we can do our best to be prepared for it. For organizations of all sizes contingency planning is vital to success. To this end, my Microsoft colleague, Cindy Bates, vice president...