Posted by Richard Saunders
For anyone who wants a primer on the security, privacy and reliability issues involved in the move to cloud computing, this video featuring Doug Cavit, principal security program manager and chief security strategist at Microsoft, is worth a watch.
Posted by Peter Cullen, chief privacy strategist, Microsoft
Over the past several months, we’ve been convening discussions with some of the world’s foremost privacy thinkers, including representatives of regulatory bodies, government policymakers, academia, NGOs and industry to explore alternate models for privacy in a modern information economy. At meetings in Washington, D.C.; Brussels; Singapore; Sydney and Sao Paulo, we’ve debated how best to evolve the notice, choice and consent model to better meet changing societal needs. Yesterday, we advanced those discussions at a global forum here in Redmond, Washington.
Microsoft has a long-standing commitment to privacy and, as part of Trustworthy Computing’s 10-year milestone last January, Corporate Vice President Scott Charney suggested that, in a world of connected devices, technology-enabled information use, and the emergence of “big data,” it’s time to consider evolving the frameworks that have governed aspects of the protection of personal data. He proposed a model that shifts focus toward acceptable use of data, and he suggested specific ways to hold organizations accountable for its management, as opposed to the current common themes of collection limitation, notice and choice.
Posted by: Jacqueline Beauchere, Director, Online Privacy and Safety
Before I go any further, I want to assure you that this is a legitimate Microsoft blog, and that I genuinely work for the company.
If you’ve received an unsolicited phone call from someone claiming association with Microsoft and offering technical support, or help with a security problem you didn’t know you had, I wouldn’t blame you for doubting me.
Unfortunately, in today’s day and age, a little suspicion is a good thing because increasingly devious, determined and resourceful criminals want to steal from you. Cash is what they really want, but personal information they can exploit for financial gain – that’ll do nicely, too, thank you.
By Adrienne Hall, General Manager, Trustworthy Computing
“There is no such thing as a secure cloud,” according to Greg Ferro, who moderated the panel discussion in which I participated at the GigaOM Structure: Europe conference. And so began a lively conversation with Greg and other industry pros.
During the panel I described three broad categories of ongoing work in relation to cloud offerings: 1) development – how we create the software behind the service, 2) data center security – how we protect the operational environment in which services are running, and 3) incident response – how we manage services if and when the unexpected occurs.
After the panel, I was asked a few follow-on questions about Microsoft’s Security Development Lifecycle (SDL), a security assurance process that introduces security and privacy into all phases of development. It has been a mandatory policy at Microsoft since 2004.
There’s no question in my mind that the wholesale adoption of this approach has helped reduce the number and severity of vulnerabilities. It also reduces costs by discovering and addressing potential security and data privacy issues early in the design phase, where changes can be made with less disruption to the overall project.
Posted by Adrienne Hall, general manager, Trustworthy Computing
Business leaders need information, tools and research to understand if adopting the cloud can deliver advantages such as lower IT costs, increased efficiencies, and greater flexibility. They’re also reviewing whether the integration of cloud services into their overall IT roadmap helps address cybersecurity and privacy concerns.
Recent Wall Street Journal and Forbes news reported CIOs’ sentiment as follows:
For business leaders who are evaluating cloud security and privacy, I recommend a few resources to help inform decisions. The US-CERT’s recent Cybersecurity Questions for CEOs paper and the Cloud Security Alliance’s (CSA) Critical Areas of Focus in Cloud Computing guidance provide a security-focused road map for adopting cloud services. I also recommend a perusal of the CSA’s Security, Trust & Assurance Registry (STAR), which documents the security controls provided by various cloud computing offerings, thereby helping business leaders assess the security of cloud providers they currently use or are considering contracting. Microsoft cloud services are in the STAR to ensure customers have the information they need to assess security and privacy capabilities.
Organizations are utilizing Microsoft Office 365 for cloud-based email, calendaring, collaboration, and conferencing to improve communication and collaboration. Enterprise cloud customers are increasing the delivery of new services to their business; enhancing server security and availability; and reducing network and server fixed costs.
Movement to the cloud represents an adaptive progression of IT strategy over time.
Posted by Adrienne Hall, general manager, Trustworthy Computing
Today another Data Center Knowledge article was posted by my colleague David Bills, chief reliability strategist, covering guiding design principles for cloud services. In the article, he explains the cultural shift and evolving engineering principles Microsoft employs to help improve the dependability of services.
David says service providers need to identify as many potential failure conditions as possible in advance and account for those during the service design phase. During this phase, design teams can also consider new dynamics such as technological advances that test performance limits, the interplay of applications, and broader industry trends. This careful planning helps us decide exactly how the service is supposed to react if and when the unexpected occurs. The goal is for services to be able to recover from these failure conditions with minimal to zero interruptions.
David suggests that cloud services teams employ failure mode and effects analysis to help build redundancy into cloud services. This type of analysis indicates that efforts to simplify physical infrastructure and utilize software to build resiliency into cloud services.
I recommend reading David’s article and his prior Data Center Knowledge article. Both articles draw upon David’s experiences with our cloud-based infrastructure supporting more than 200 services, 1 billion customers, and 20 million businesses in more than 76 markets worldwide.
Posted by Jacqueline Beauchere, Chief Online Safety Officer, Microsoft
Almost 46 percent of Internet users are going online to find a job, according to recent data. That total nearly doubles when it comes to hiring managers using the Internet to screen prospective candidates. Increasingly, such statistics, coupled with conversations about online reputation – like the one at last week’s 2013 FOSI European Forum – continue to show that in today’s digital world, online information is just as important as an individual’s past employment history. Held in Dublin and sponsored by The Family Online Safety Institute (FOSI), last week’s event brought together some 150 representatives from government, including Frances Fitzgerald, the Irish Minister for Children and Youth Affairs; industry leaders from companies such as Microsoft, Facebook, and Twitter; the education sector, civil society, and the advocacy community to discuss, “The Year of the Digital Citizen: Online Safety, Data Protection, and Privacy.”
It was a question and comment from an audience member that sparked additional conversation, and underscored for me and others the ongoing need to attentively safeguard one’s digital reputation.
Posted by Jacqueline Beauchere, director, Trustworthy Computing, Microsoft
Microsoft and others in the technology industry have long maintained that helping to keep individuals and families safer online is a “shared responsibility” – among industry, government, law enforcement, civil society, and consumers themselves.
This notion requires the collaborative commitment agreed to in the recently released 19-page report, “Involving Intermediaries in Cyber Security Awareness-Raising.” This release follows a day-long information-sharing event in Brussels, sponsored by the European Commission and ENISA – the European Network and Information Security Agency. Forty-five EU and U.S. representatives from the public and private sectors participated, where discussions centered on cross-border cooperation and the importance of public-private partnerships (PPPs).
I had the privilege of being the sole delegate from the United States, representing the National Cyber Security Alliance (NCSA), one of Microsoft’s key online safety partners. My presentation focused on the work of the U.S. Department of Homeland Security (DHS) and the NCSA, most notably, National Cyber Security Awareness Month (NCSAM) and its signature STOP. THINK. CONNECT.™ (STC) awareness campaign, a sterling example of a successful PPP.
One of the things I enjoyed most about the CSA Congress was spending time with people in and around the technology industry and the cloud computing sector. One of the presenters at this year’s congress, held the first week of December in Orlando, Florida, was Philip Lieberman, President of Lieberman Software, a provider of identity management and security products and a Microsoft Gold Certified Partner.
During his plenary address, Philip announced that Lieberman Software’s privileged identity management (PIM) solution, Enterprise Random Password Manager™ (ERPM), is now available on Windows Azure. Later I enjoyed spending time with Philip one to one, learning more about this solution and his business.
By Trustworthy Computing Staff
Microsoft has a longstanding commitment to building technology that improves the lives of people of all ages and abilities. We’re proud of the work we do to provide trusted computing experiences for everyone.
Some of that work includes programs to reach people who may not have experienced our technology before, or may not have used it to its fullest extent. A recent example of this is Exergamers NYC, a public-private partnership in which Microsoft collaborated with New York City government agencies to help seniors benefit from using Kinect for XBOX 360 and Skype.
Together, we set up Exergaming programs at senior centers across the five boroughs of New York, enabling seniors to enjoy a fun workout like Zumba or virtual bowling without using complicated machines or heavy objects. Players can also watch their competitors at other locations and engage with them directly over Skype.
For more details on Exergamers, please see this blog post by Bonnie Kearney from our Accessibility team.