Posted by Kim Sanchez, director, Trustworthy Computing Communications, Microsoft
No matter which search engine someone prefers, a key piece of advice from safety advocates to help protect your online reputation is to conduct an Internet search on yourself, using several search engines. And then, evaluate whether your online life mirrors the reputation you want others to see.
Recently, the Bing team launched an Internet search tool that lets you conduct a side-by-side search engine comparison with Google. Now, while I think it’s cool, I thought: what if people used this double search feature for good – their own good? What a great time to use one tool to help manage your online reputation: Search for yourself, and check out what’s being said about you. According to a recent study*, 37 percent of adults never do this.
Posted by: Tim Rains, Director, Trustworthy Computing
In this blog series, I have talked to quite a few people on the topics of security, privacy, and reliability as they relate to cloud computing. For this post, I had an opportunity to talk with Scott Charney, Corporate Vice President for Trustworthy Computing at Microsoft, to get his perspective on the current state of cloud computing. In my discussion with Scott, he talks about how the Internet has become a multi-tenant cloud outsourcer that “offers an amazing ability to aggregate, analyze and discriminate data at far greater scale than ever before.” Although this provides many great advantages, it also increases the complexity of knowing where and in what layers a single data stream gets shared. This is important, because many customers must comply with laws and regulations about ensuring the privacy of their data.
Posted by: Adrienne Hall, General Manager, Trustworthy Computing
Last week I wrote about the important role the channel plays, occupying a space between cloud vendor and end user organization and adding value by ensuring technology satisfies business needs. But that’s not to say that cloud providers shouldn’t also have a direct relationship with their customers to understand their needs and factor them into the products and solutions they develop and evolve.
I spend a lot of time talking to customers about what they want from their cloud vendor. Top of their list is a service that both keeps their data secure and helps them comply with local and international law and regulations.
Posted by Matt Thomlinson, general manager, Trustworthy Computing
This week I participated in the Budapest Conference on Cyberspace 2012 and also spoke at the Atlantic Council’s evening event entitled “Toward a Secure Cyber-Future: Building a Public-Private Partnership for Cybersecurity Norms.”[1] During both events, I stressed the importance of public-private partnership at the international level and the need to ensure that the private sector had a voice in the key discussions occurring around confidence-building measures and cybersecurity norms.
Cybersecurity policy is increasingly an international challenge. From 2000-2010 much of cybersecurity policy development has occurred within nation states and, in many instances, the policy development process leveraged public-private partnerships.
To date, most international discussions on cybersecurity have been largely between governments. This is the right starting place, as governments need to think through the cybersecurity implications of a connected world. Today industry creates and operates most of the infrastructure that enables cyberspace. Industry continues to innovate and build best practices and technical cybersecurity norms including: vulnerability disclosure management, secure development, security incident response, and risk management. Therefore, these global conversations on cybersecurity would also benefit from a private sector perspective that can help governments think through the technical challenges and priorities involved in securing billions of customers using the Internet around the world.
I have been asked more than a few times whether I think there are too many people involved in developing cloud security standards and best practices. The underlying concern is that when too many people get involved, the process of developing new standards becomes too bureaucratic and progress is slower than it should be. But, the process has to be inclusive enough so that important nuances from different markets and industries are not overlooked. This balance needs to be carefully managed.
Earlier this month, I wrote about reliability and the importance of customers knowing what measures their cloud provider has in place to deal with incidents and events that may compromise reliability when they occur.
One of the concepts customers ask me about is recoverability – because many customers assume incidents will happen and want to understand what questions they should be asking their cloud provider to make sure they’re prepared for this.
In this episode of the Trustworthy Computing Cloud Fundamentals Video Series, I spoke with David Bills, Microsoft’s Chief Reliability Strategist, about types of incidents that may occur and how to recover.
Posted by: Arunachalam Sam, Group IT/IS Manager, Mulitex Group
Every day I see stories on the benefits the cloud brings to businesses. From improved flexibility and scalability to resource savings, the cloud’s business value is clear. Yet, all that promise is irrelevant if a cloud provider’s promises aren’t backed up with a commitment to security and privacy and an adherence to internationally recognized standards. Fortunately for my company, Mulitex Group, we found the security and privacy commitment we needed in Microsoft Office 365 and are now reaping the benefits. We are headquartered in Hong Kong, with offices in the U.S., South America, Bangladesh, Vietnam and India. Focused on garment manufacturing, trading and real estate investment, Mulitex manages assets worth over US$700 million.
Posted by: Richard Saunders, Director, Trustworthy Computing
I was at the Cloud Asia event in Singapore recently. One of the sessions was led by an exec from Changi Airport in which he likened internet security to airport security. Jetlag and the passing of time make me hazy on the finer points of what he said, but it was a good presentation.
It made me think that the airport analogy kind of works for Microsoft. As airport users, we are unaware of many of the security precautions in place. But a few – bag scans, pat downs, patrolling police officers etc. – are very obvious.
At Microsoft many of the users of our products are unaware of much of what we do to secure our customers’ data and give them a secure and private online experience. Take the Security Development Lifecycle (SDL), a secure development process that is applied by product groups at Microsoft in an effort to reduce the number and severity of vulnerabilities. Most people do not know it exists and yet it’s there, in the background since 2004, helping to secure our products and services every day.
By: Tim Rains, Director, Trustworthy Computing
Consumers of cloud services generally don’t get to see the layers of technology that they rely on. For many, this seamless delivery is part of the value proposition of cloud computing; depending on the type of deployment, customers expect their cloud provider to manage the details so they can get on with the business of running their business.
The reality though is that cloud providers leverage the services and infrastructure of many other vendors to be able to deliver a service to their customers. For example, network services to and from a data center are likely provided by two or more network providers in order to provide redundancy, load balancing, and address other architectural needs.
It’s not surprising then that for a cloud provider to deliver a reliable service that meets customers’ security, privacy and compliance requirements there is significant interdependence between each of the layers that make up the cloud.
If you’re familiar with this blog you know that Tim Rains asks the questions that drive our Cloud Fundamentals video series. At the RSA conference earlier this month, the tables were turned as Tim sat down with Marcia Savage of TechTarget to discuss cloud computing security standards and provider transparency.
As an active member of the cloud security community, these are topics that Tim has previously blogged about and discussed with leaders of the security industry. In Marcia’s video you can see Tim dive even deeper into these subjects and discuss industry progress on projects such as the Security, Trust and Assurance Registry (STAR).