Posted by: Brendon Lynch, Chief Privacy Officer
As we increasingly rely on technology for many aspects of our lives, the amount of data created continues to grow at an exponential rate. An important challenge for organizations is to provide privacy statements describing the collection, use and protection of data that are straightforward, yet comprehensive. Clarity and simplicity are key for time-pressed consumers, but large enterprises, governments, and other high-tech savvy individuals often need highly detailed information to use online services with confidence.
With each of these audiences in mind, we are unveiling initial improvements to the look and feel of many of our online privacy statements. We believe the changes enhance the appearance and functionality of our privacy statements, and enable us to more effectively layer important information. Our hope is that the changes will make privacy information easier to locate and use for many consumers.
By Jacqueline Beauchere, director, Trustworthy Computing
This year was an exciting one for online safety at Microsoft. We continued our long-standing commitment to individuals and families by offering tools and guidance they need online – everything from new products such as Windows 8 with enhanced parental controls; to our continued collaboration with groups like the Family Online Safety Institute and the National Cyber Security Alliance (NCSA). We acknowledged support of The United States’ and the European Union’s Joint Declaration to help reduce the risks and maximize the Internet’s benefits for young people. The increased focus on global online safety led to my appointment as Microsoft’s first Chief Safety Officer, a role that I will formally assume in March 2013.
So, it’s fitting that to cap 2012, we are releasing our first “Year in Online Safety” report, a 10-page paper that describes our initiatives, projects, and programs that help create safer, more trusted computing experiences. We’ve also highlighted what we think are some of the most important trends in online safety, and where they may be headed next year.
David Bills, chief reliability strategist, Trustworthy Computing
The complex nature of cloud computing means that as cloud service providers, we need to be mindful that things will go wrong – it’s not a case of if, it’s strictly a matter of when. Cloud providers need to design and build their services in such a way to maximize the reliability of the service and minimize the impact to customers when things do go wrong. A key facet of this approach is business continuity, or ensuring that critical business functions continue to be available, even in the event of a catastrophe. With that in mind, I was recently interviewed for the winter edition of the Disaster Recovery Journal – a journal which focuses on the business continuity planning profession
When I talk about reliability I’m referring to the outcome all service providers aim for. The notion that the service works as it was designed to, and responds in a predicable fashion when it is needed. One way to improve reliability is to build a service that is resilient – it has the ability to withstand certain types of failure and yet remain fully functional from the customers’ perspective.
By Tim Rains, director, Trustworthy Computing
Almost every CISO or executive with security related responsibilities that I have talked to over the past couple of years has expressed interest in learning how to improve their security posture to better mitigate the risks posed by “APT” (Advanced Persistent Threats) style attacks. At Microsoft we don’t use the term APT because these attacks are typically based on old, well understood tactics and technologies, i.e. they aren’t really “advanced.”For example, one thing these attackers typically try to do is steal user names and passwords from networks they compromise so that they can get access to more resources and stay on the network undetected for as long as possible. One type of attack they use as a matter of course is called “pass-the-hash.” This involves stealing the hashed version (a one-way mathematical representation) of user names and passwords from a compromised network and using those credentials to obtain access to network resources and data. There has been a considerable amount of research and tool development in this area over the years that has made it easier for attackers to perform pass-the-hash and other credential theft and reuse attacks.
By Paul Nicholas, senior director Security, Trustworthy Computing
Have you ever wondered what factors contribute to how well a country or region is addressing cybersecurity issues? Today, I have the pleasure of presenting alongside my colleague, Kevin Sullivan at George Washington University’s Homeland Security Policy Institute in Washington DC on exactly that topic. During the lecture we will discuss key findings from a new special edition of our Microsoft Security Intelligence Report that focuses on “Measuring the Impact of Policy on Global Cybersecurity”.
This new report takes a look at cybersecurity in a world where the demographic of the internet is rapidly changing. Current projections indicate that internet users will double by 2020 to four billion worldwide, with large populations of users located in China, India and Africa. This change, coupled with a consistently evolving cybersecurity threat landscape will require governments around the world to look more broadly than ever before to understand the impact of the decisions that are being made today.
By Jeff Jones, director, Trustworthy ComputingWith RSA just two weeks away, I wanted to cordially invite you to our Microsoft Industry Appreciation party 8 pm to midnight, on Tuesday, February 26 at Ruby Skye in San Franciso. We had an amazing party last year and this one is not to be missed! Passes are limited and they are required to attend. At RSA in Moscone Center, come by our Microsoft booth #1616 during open Exhibit Hall hours on Monday, 6-8 pm or Tuesday, 11 am to 6 pm. More details follow below. See you there!
Posted by David Bills, Chief Reliability Strategist, Trustworthy Computing Today we published a new video series, ‘Fundamentals of cloud service reliability’. Designing and delivering reliable services is complex, and this series highlights the fundamentals of designing for service reliability and complements our recent whitepaper ‘An introduction to designing reliable cloud services’. Together, these pieces aim to be the catalyst for further discussions among services teams within organizations, as well as the industry itself.
The series consists of three short videos:1. ‘What is cloud service reliability?, discusses reliability and presents four goals cloud service providers should consider to make their customers happy.2. ‘Addressing common cloud service issues’, discusses the common causes of service failure and core design principles to help reduce the likelihood and severity of outages when they happen.3. ‘Designing for and responding to cloud service issues’, discusses a process to help cloud service providers design cloud services to meet customers’ expectations.
By Brendon Lynch, chief privacy officer, Microsoft
At Microsoft, we have some of the world’s top privacy researchers working on a wide variety of interesting challenges. We strive to translate this research into new privacy-enhancing technologies.
Today, we’re releasing a new whitepaper on Microsoft’s research in Differential Privacy written by Javier Salido on my team. To help set the stage, I’d like to provide some background on this timely topic.
Over the past few years, research has shown that ensuring the privacy of individuals in databases can be extremely difficult even after personally identifiable information (e.g., names, addresses and Social Security numbers) has been removed from these databases. According to researchers, this is because it is often possible, with enough effort, to correlate databases using information that is traditionally not considered identifiable. If any one of the correlated databases contains information that can be linked back to an individual, then information in the others may be link-able as well.
Posted by Jacqueline Beauchere, director, Trustworthy Computing Communications, Microsoft
Fewer than 15 percent of U.S. undergraduates are pursuing degrees in science and engineering. U.S. math and science test scores lag those of other nations, chiefly China and India. U.S. high schools are falling behind the rest of the world in computer science, and too few women and minorities are employed in science, technology, engineering and math (STEM) fields.
STEM subjects are arguably the foundation of our global economic future. Such skills are essential for almost any job, and are certainly imperative for nations to compete in an evolving marketplace. Indeed, STEM expertise likely holds the key to daunting global challenges, such as healthcare, hunger, poverty, and climate change. The U.S. Labor Department projects that by 2014, the U.S. will have more than two million job openings in STEM fields. The bottom line is: Will we be able to fill them?
Posted by Richard Saunders
For anyone who wants a primer on the security, privacy and reliability issues involved in the move to cloud computing, this video featuring Doug Cavit, principal security program manager and chief security strategist at Microsoft, is worth a watch.