Posted by: Tim Rains, Director, Trustworthy Computing Communications
I attended the second annual Cloud Security Alliance Congress event a couple of weeks ago in Orlando Florida and wanted to pass on some of what I learned.
The Cloud Security Alliance (CSA), of which we are a member, was founded in 2008. It has emerged as a leading industry authority focused on promoting the use of best practices for providing security assurance within cloud computing, and providing education on the uses of cloud computing. In the course of three years, CSA has released 12 research reports, created a cloud provider registry, and established the only user certification related to the security knowledge of cloud computing. All its research products are the result of global collaboration and are provided at no cost, and royalty-free, to any organization that wants them (https://cloudsecurityalliance.org/about/).
The CSA Congress was a full two-day, multi-track conference preceded by in-depth training sessions. I attended hoping to get some insights into what cloud adopters, cloud providers and others are thinking about the benefits, challenges, and security aspects related to cloud computing. I wasn’t disappointed as there was no shortage of people sharing what they have learned about the cloud, and debating the finer points of security and privacy related topics.
Posted by: Peter Cullen, General Manager, Trustworthy Computing, Microsoft
Today, European Union Commissioner Neelie Kroes announced the formation of the ‘CEO Coalition on Child Online Safety.’ Microsoft is pleased to be a founding member of this coalition, which is a collective effort of government and industry to discuss best practices that “make the Internet a better place for children.”
I will serve as Microsoft’s representative on the CEO Coalition, and Microsoft remains committed to advancing ways to make online services and the Internet safer for children. We also believe such joint efforts, involving all major industry players in the digital ecosystem – including hardware manufacturers, technology companies, content creators, telecommunications and online service providers – are necessary to achieving real progress in the area of online safety.
One of the most interesting aspects of the Microsoft Security Intelligence Report is data on how regional malware infection rates change over time. This data helps us and our customers understand the tactics and strategies that attackers are using to compromise systems, steal identities and confidential data. Subsequently this intelligence helps our customers optimize their defenses.
Posted by: Jacqueline Beauchere, Director, Online Privacy and Safety
Before I go any further, I want to assure you that this is a legitimate Microsoft blog, and that I genuinely work for the company.
If you’ve received an unsolicited phone call from someone claiming association with Microsoft and offering technical support, or help with a security problem you didn’t know you had, I wouldn’t blame you for doubting me.
Unfortunately, in today’s day and age, a little suspicion is a good thing because increasingly devious, determined and resourceful criminals want to steal from you. Cash is what they really want, but personal information they can exploit for financial gain – that’ll do nicely, too, thank you.
Posted by: Adrienne Hall, General Manager, Trustworthy Computing
We might not be able to predict the unknown, but we can do our best to be prepared for it. For organizations of all sizes contingency planning is vital to success. To this end, my Microsoft colleague, Cindy Bates, vice president, U.S. SMB Organization, recently shared a set of helpful resources on the subject of disaster preparedness.
This e-guide helps cut through the clutter by pointing out the key factors for organizations to consider when building business contingency plans. There’s no one disaster preparedness plan that works for all organizations, but elements such as environment mapping, data backup options and communication methods are integral parts of any successful plan.
Posted by: Brendon Lynch, Chief Privacy Officer
Cloud computing has quickly become a mainstream technology. Global businesses, entrepreneurs and government agencies are embracing the cloud to accelerate innovation and cut costs.
But the continued growth of cloud computing is not inevitable. Cloud providers need to adequately address the data protection and security concerns of enterprise customers and regulators for cloud services to earn the trust necessary to fulfill their potential benefits for businesses and governments.
Posted by: Richard Saunders, Director, Trustworthy Computing Communications
Since we started this blog, you’ve seen us highlight the trustworthiness of Microsoft’s cloud offerings and our commitment to the cloud as a secure and sustainable computing model.
But it’s always useful to have another’s perspective, so you may want to check out Nick Hoover’s/InformationWeek recent writing on cloud security. Over the last few weeks Nick has sought the opinions of a number of security industryleaders. In a story from this past Monday, “Cloud Security: Better Than We Think?,” Nick tied his recent work together.
In my last blog post, I mentioned Ernst & Young’s 14th annual Global Information Security Survey. One very interesting aspect of this survey is related to the use of mobile computing platforms.
The report states, “our survey shows that the adoption of tablets and smartphones ranked second-highest on the list of technology challenges perceived as most significant, with more than half of respondents listing it as a difficult or very difficult challenge.”
A big part of my job at Microsoft is talking to CISOs, CSOs, as well as VPs and directors about the security of their organization’s assets, including intellectual property and confidential data. Recently I had the opportunity to talk to a group of them about cloud computing.
There were a number of similarities between the concerns they raised and some of the findings I see reported in various industry surveys, such as Ernst & Young’s 14th annual Global Information Security Survey.
For example, in the report from Ernst & Young it states “61% [of survey respondents] are currently using, evaluating or planning to use cloud computing-based services within the next year.” I can believe that because all the people I talked to recently have either migrated some applications to the cloud or were evaluating doing so in the near term.
I was in London recently to deliver a keynote at the RSA Conference Europe. I spoke about many of the cloud topics I’m passionate about. Things such as balancing risk and potential when considering the cloud and how the cloud can make security updating more cost efficient for organizations. I also announced the findings of the latest version of Microsoft’s Security Intelligence Report.
Tying these themes together, the underlying point to my keynote was that trust has been the constant imperative throughout history for a technology or radical idea to reach its true potential. The examples I gave were Copernicus’s heliocentric model for the universe, the camera and the telephone.
To see what I mean, please check out my presentation below and share your thoughts on trust and technology.