Posted by: Brendon Lynch, Chief Privacy Officer
As we increasingly rely on technology for many aspects of our lives, the amount of data created continues to grow at an exponential rate. An important challenge for organizations is to provide privacy statements describing the collection, use and protection of data that are straightforward, yet comprehensive. Clarity and simplicity are key for time-pressed consumers, but large enterprises, governments, and other high-tech savvy individuals often need highly detailed information to use online services with confidence.
With each of these audiences in mind, we are unveiling initial improvements to the look and feel of many of our online privacy statements. We believe the changes enhance the appearance and functionality of our privacy statements, and enable us to more effectively layer important information. Our hope is that the changes will make privacy information easier to locate and use for many consumers.
Posted by: Adrienne Hall, General Manager, Trustworthy Computing
Any conversation I have with a customer that hasn't yet adopted a cloud service includes the topic of security at some point. It isn’t surprising that security frequently tops the list of cloud adoption items; yet I believe it should be on the list of top cloud adoption benefits.
A common area explored by organizations considering the cloud, small to mid-size businesses, or SMBs, often don’t have the built-in security expertise that larger entities do. This makes it difficult for them to spend time and expertise to assess the benefits of cloud computing.
In commissioning an independent study with groups of SMBs that both use and do not use cloud services in the U.S., Singapore, Malaysia, India and Hong Kong. We hoped to evaporate, okay – more realistically – lessen, concerns about security for prospective customers. Our goal was to see what, if any, security benefits companies that use the cloud realize, and to better understand the concerns of companies that have not yet adopted cloud services.
By Jacqueline Beauchere, director, Trustworthy Computing
This year was an exciting one for online safety at Microsoft. We continued our long-standing commitment to individuals and families by offering tools and guidance they need online – everything from new products such as Windows 8 with enhanced parental controls; to our continued collaboration with groups like the Family Online Safety Institute and the National Cyber Security Alliance (NCSA). We acknowledged support of The United States’ and the European Union’s Joint Declaration to help reduce the risks and maximize the Internet’s benefits for young people. The increased focus on global online safety led to my appointment as Microsoft’s first Chief Safety Officer, a role that I will formally assume in March 2013.
So, it’s fitting that to cap 2012, we are releasing our first “Year in Online Safety” report, a 10-page paper that describes our initiatives, projects, and programs that help create safer, more trusted computing experiences. We’ve also highlighted what we think are some of the most important trends in online safety, and where they may be headed next year.
David Bills, chief reliability strategist, Trustworthy Computing
The complex nature of cloud computing means that as cloud service providers, we need to be mindful that things will go wrong – it’s not a case of if, it’s strictly a matter of when. Cloud providers need to design and build their services in such a way to maximize the reliability of the service and minimize the impact to customers when things do go wrong. A key facet of this approach is business continuity, or ensuring that critical business functions continue to be available, even in the event of a catastrophe. With that in mind, I was recently interviewed for the winter edition of the Disaster Recovery Journal – a journal which focuses on the business continuity planning profession
When I talk about reliability I’m referring to the outcome all service providers aim for. The notion that the service works as it was designed to, and responds in a predicable fashion when it is needed. One way to improve reliability is to build a service that is resilient – it has the ability to withstand certain types of failure and yet remain fully functional from the customers’ perspective.
By Paul Nicholas, senior director Security, Trustworthy Computing
Have you ever wondered what factors contribute to how well a country or region is addressing cybersecurity issues? Today, I have the pleasure of presenting alongside my colleague, Kevin Sullivan at George Washington University’s Homeland Security Policy Institute in Washington DC on exactly that topic. During the lecture we will discuss key findings from a new special edition of our Microsoft Security Intelligence Report that focuses on “Measuring the Impact of Policy on Global Cybersecurity”.
This new report takes a look at cybersecurity in a world where the demographic of the internet is rapidly changing. Current projections indicate that internet users will double by 2020 to four billion worldwide, with large populations of users located in China, India and Africa. This change, coupled with a consistently evolving cybersecurity threat landscape will require governments around the world to look more broadly than ever before to understand the impact of the decisions that are being made today.
Posted by David Bills, Chief Reliability Strategist, Trustworthy Computing Today we published a new video series, ‘Fundamentals of cloud service reliability’. Designing and delivering reliable services is complex, and this series highlights the fundamentals of designing for service reliability and complements our recent whitepaper ‘An introduction to designing reliable cloud services’. Together, these pieces aim to be the catalyst for further discussions among services teams within organizations, as well as the industry itself.
The series consists of three short videos:1. ‘What is cloud service reliability?, discusses reliability and presents four goals cloud service providers should consider to make their customers happy.2. ‘Addressing common cloud service issues’, discusses the common causes of service failure and core design principles to help reduce the likelihood and severity of outages when they happen.3. ‘Designing for and responding to cloud service issues’, discusses a process to help cloud service providers design cloud services to meet customers’ expectations.
By Jeff Jones, director, Trustworthy ComputingWith RSA just two weeks away, I wanted to cordially invite you to our Microsoft Industry Appreciation party 8 pm to midnight, on Tuesday, February 26 at Ruby Skye in San Franciso. We had an amazing party last year and this one is not to be missed! Passes are limited and they are required to attend. At RSA in Moscone Center, come by our Microsoft booth #1616 during open Exhibit Hall hours on Monday, 6-8 pm or Tuesday, 11 am to 6 pm. More details follow below. See you there!
By Tim Rains, director, Trustworthy Computing
Almost every CISO or executive with security related responsibilities that I have talked to over the past couple of years has expressed interest in learning how to improve their security posture to better mitigate the risks posed by “APT” (Advanced Persistent Threats) style attacks. At Microsoft we don’t use the term APT because these attacks are typically based on old, well understood tactics and technologies, i.e. they aren’t really “advanced.”For example, one thing these attackers typically try to do is steal user names and passwords from networks they compromise so that they can get access to more resources and stay on the network undetected for as long as possible. One type of attack they use as a matter of course is called “pass-the-hash.” This involves stealing the hashed version (a one-way mathematical representation) of user names and passwords from a compromised network and using those credentials to obtain access to network resources and data. There has been a considerable amount of research and tool development in this area over the years that has made it easier for attackers to perform pass-the-hash and other credential theft and reuse attacks.
Posted by: Richard Saunders, Director, Trustworthy Computing
At this point you have likely seen some of our survey data on the improved security, cost savings and time savings associated with cloud security for small and mid-sized businesses (SMBs). We’ve shared specific data on SMBs inUnited States, Singapore, India, Malaysia and Hong Kong.
While each region had slightly different numbers, there’s a trend of security benefits stemming from the cloud. Looking at aggregate data from Singapore, India, Malaysia and Hong Kong SMBs makes this trend apparent.
Posted by: Tim Rains, Director, Trustworthy Computing
In this blog series, I have talked to quite a few people on the topics of security, privacy, and reliability as they relate to cloud computing. For this post, I had an opportunity to talk with Scott Charney, Corporate Vice President for Trustworthy Computing at Microsoft, to get his perspective on the current state of cloud computing. In my discussion with Scott, he talks about how the Internet has become a multi-tenant cloud outsourcer that “offers an amazing ability to aggregate, analyze and discriminate data at far greater scale than ever before.” Although this provides many great advantages, it also increases the complexity of knowing where and in what layers a single data stream gets shared. This is important, because many customers must comply with laws and regulations about ensuring the privacy of their data.