Posted by: Tim Rains, Director, Trustworthy Computing
Last week I shared some details about the Security Development Conference 2012 for those unable to attend. I also provided a recap of Richard Clarke’s keynote and included a video interview in which Richard shared his perspective on the importance of secure development to critical infrastructure.
Another keynote that took place later that day came from General Michael V. Hayden, Principal, The Chertoff Group and Former Director, U.S. Central Intelligence Agency and U.S. National Security Agency. His keynote entitled “The Persistent Threat: Understanding the Cyber Security Challenge We Face Today” was another thought provoking talk that emphasized the serious nature of cyber threats to society and the importance of taking action now. In his keynote he stated that “while the cyber threat is often intensified in terms of war fighting, the fact remains that there is serious malicious activity and resulting economic damage occurring within our private sector.” He went on to make the point that the private sector should not rely on the federal government’s ability to provide security for their systems and that private firms need to take these threats seriously and prepare appropriately.
Posted by: Tim Rains, Director, Trustworthy Computing
If you’ve been following this series then you know I’ve previously written about the importance of security, compliance and privacy in the cloud. Whenever I talk to customers these themes continually come through as important topics when choosing a cloud provider. But I believe customers have an even more basic demand of their cloud vendor; they want a service that is reliable.
Cloud computing raises important considerations for organizations about how reliable their cloud provider is and what measures they have in place to deal with incidents and events that compromise reliability when they occur.
Posted by: Richard Saunders, Director, Trustworthy Computing
I was at the Cloud Asia event in Singapore recently. One of the sessions was led by an exec from Changi Airport in which he likened internet security to airport security. Jetlag and the passing of time make me hazy on the finer points of what he said, but it was a good presentation.
It made me think that the airport analogy kind of works for Microsoft. As airport users, we are unaware of many of the security precautions in place. But a few – bag scans, pat downs, patrolling police officers etc. – are very obvious.
At Microsoft many of the users of our products are unaware of much of what we do to secure our customers’ data and give them a secure and private online experience. Take the Security Development Lifecycle(SDL), a secure development process that is applied by product groups at Microsoft in an effort to reduce the number and severity of vulnerabilities. Most people do not know it exists and yet it’s there, in the background since 2004 helping to secure our products and services every day.
Last week I attended the Security Development Conference 2012 (SDC 2012). As Steve Lipner wrote in his article about the event, the conference enabled people from companies, government agencies and academic institutions to share their own experiences adopting a Security Development Lifecycle (SDL) process thus helping others learn how to accelerate adoption within their own organizations. Speakers and panelists were in attendance from a variety of organizations including Adobe, BlackBerry, Cisco, IBM, Intel, Itron, Lockheed Martin, Microsoft, NIST, NSA, Salesforce.com, Red Hat and others.
New data from Microsoft Trustworthy Computing shows that small and mid-size businesses (SMBs) in Hong Kong experience similar cloud security benefits as the SMBs we’ve highlighted from the United States, Singapore, India and Malaysia.
At this point you have likely seen some of our survey data on the improved security, cost savings and time savings associated with cloud security for small and mid-sized businesses (SMBs). We’ve shared specific data on SMBs inUnited States, Singapore, India, Malaysia and Hong Kong.
While each region had slightly different numbers, there’s a trend of security benefits stemming from the cloud. Looking at aggregate data from Singapore, India, Malaysia and Hong Kong SMBs makes this trend apparent.
The physical security of the data centers where cloud services are hosted is a very important aspect of security to all of the customers I talk to. After all, if an attacker can gain physical access to the hardware hosting a service and storing sensitive data, that attacker has a range of malicious options available to them including attempting to steal or damage services and data. It is mandatory for cloud providers to provide physical security controls for the services they manage on behalf of their customers.
Last week we shared data that highlights the security benefits small and mid-size businesses (SMBs) in the United States, Singapore and India gain from using the cloud. The benefits these organizations attest to—cost savings, time savings and improved security—are echoed by the experiences of Malaysian SMBs.
Earlier this week we shared news around the security benefits small to mid-size businesses (SMBs) gain from using the cloud in both the United States and Singapore. Additional data focusing on SMBs in India shows that improved security, time savings and cost savings are all benefits Indian SMBs using the cloud experience as well.
Posted by: Steve Lipner, Partner Director of Program Management, Trustworthy Computing
This morning, I am sitting at the inaugural Security Development Conference 2012 in Washington DC listening to people from a diverse set of companies, government agencies and academic institutions sharing their own experiences with adopting a Security Development Lifecycle (SDL) process or learning how to accelerate adoption within their own organizations. As I watched the keynotes and sessions yesterday and see Scott Charney step onto the stage today, I am reminded of the early days at Microsoft when our customers were faced with security threats that challenged their trust in our products and services. Creating the SDL was an important step in combating these threats and to this day the SDL continues to help reduce the number and severity of vulnerabilities found in Microsoft’s products.