Posted by Adrienne Hall, general manager, Trustworthy Computing
Today another Data Center Knowledge article was posted by my colleague David Bills, chief reliability strategist, covering guiding design principles for cloud services. In the article, he explains the cultural shift and evolving engineering principles Microsoft employs to help improve the dependability of services. David says service providers need to identify as many potential failure conditions as possible in advance and account for those during the service design phase. During this phase, design teams can also consider new dynamics such as technological advances that test performance limits, the interplay of applications, and broader industry trends. This careful planning helps us decide exactly how the service is supposed to react if and when the unexpected occurs. The goal is for services to be able to recover from these failure conditions with minimal to zero interruptions. David suggests that cloud services teams employ failure mode and effects analysis to help build redundancy into cloud services. This type of analysis indicates that efforts to simplify physical infrastructure and utilize software to build resiliency into cloud services. I recommend reading David’s article and his prior Data Center Knowledge article. Both articles draw upon David’s experiences with our cloud-based infrastructure supporting more than 200 services, 1 billion customers, and 20 million businesses in more than 76 markets worldwide.
Posted by Adrienne Hall, general manager, Trustworthy Computing
Business leaders need information, tools and research to understand if adopting the cloud can deliver advantages: lower IT costs, increased efficiencies, and greater flexibility. They’re also reviewing whether the integration of cloud services into their overall IT roadmap helps address cybersecurity and privacy concerns.
Recent Wall Street Journal and Forbes news reported CIOs’ sentiment as follows:
For business leaders who are evaluating cloud security and privacy, I recommend a few resources to help inform decisions. The US-CERT’s recent Cybersecurity Questions for CEOs paper and the Cloud Security Alliance’s (CSA) Critical Areas of Focus in Cloud Computing guidance provide a road map, with a focus on security, to adopting cloud services. I also recommend a perusal of the CSA’s Security, Trust & Assurance Registry (STAR), which documents the security controls provided by various cloud computing offerings, thereby helping business leaders assess the security of cloud providers they currently use or are considering contracting. Microsoft cloud services are in the STAR to ensure customers have the information they need to assess security and privacy capabilities.
Organizations are utilizing Microsoft Office 365 for cloud-based email, calendaring, collaboration, and conferencing to improve communication and collaboration. Enterprise cloud customers are increasing the delivery of new services to their business; enhancing server security and availability; and reducing network and server fixed costs.
Movement to the cloud represents an adaptive progression of IT strategy over time.
A new Data Center Knowledge article was posted today by David Gauthier, director of data center architecture for Microsoft Global Foundation Services. In the article, David describes the early days of data center operations, which had a heavy reliance on complex hardware redundancy. He then goes on to discuss today’s software design and architecture that now drives Microsoft’s cloud scale data center service availability. I recommend this evolutionary piece. It sheds light on the role and revolution of software that has vastly become the key driver of service availability. Next week I’ll highlight a few insights from my colleague David Bills (Chief Reliability Strategist) who will pen another Data Center Knowledge story on the cultural shift and adaptive engineering principles that we’re using to help improve the dependability of our cloud services.
Posted by Jacqueline Beauchere, chief online safety officer, Trustworthy Computing
Today, I’m pleased to announce the release of the third volume of Microsoft’s popular policymaker booklet, Building Global Trust Online: Policymaker Guide to Privacy, Safety, and Security. Volume 2’s individual documents were downloaded more than 100,000 times, and the 2013 edition has been translated into both French and German.
In addition to updates to well-read topics, including Online Bullying and Combating Botnets, in Volume 3, we’ve added a number of new safety-related topics, including:
• Combating Human Trafficking
• Combating Child Grooming Online
• Parental Controls
• Online Reputation, and
What does it take to build a large-scale data center? In addition to arrays of servers, storage and network devices, a data center requires multiple systems to provide a reliable source of power, suitable environmental conditions, plus operations management to provision, monitor and secure the facilities. As cloud computing adoption continues to rise, and customers demand 24/7 access to their services and data, reliability remains a challenge for cloud service providers everywhere.
Today Data Center Knowledge ran an article penned by my colleague David Bills, chief reliability strategist, that highlights customer needs for 24/7 access to cloud services and data and the challenges all cloud service providers face as they strive to provide highly available services. In his article, David states that consumers demand access 24 hours a day, seven days a week to their digital lives, and outages can have a significant negative impact on a company. However, the complex nature of cloud computing means that cloud service providers need to be mindful that things will go wrong — because it’s not a case of if, it’s strictly a matter of when. This means it’s critical for organizations to understand how best to design and deliver reliable cloud services. Bills bases his article on the experiences of Microsoft, managing a cloud-based infrastructure supporting more than 200 services, 1 billion customers, and 20 million businesses in more than 76 markets worldwide.
I enjoyed David’s article and encourage you to read it, watch our cloud fundamentals video on reliability and share your thoughts on cloud computing via comments below.
Posted by Scott Charney, Corporate Vice President, Trustworthy Computing
Today I will speak at George Washington University on a panel discussing the development of International Cybersecurity Norms.
Developing cybersecurity norms is a difficult process but essential for the future of cyberspace. For more than two decades, people have struggled to understand the cyber threat, evaluate the risks to individuals and organizations (including nation-states), and craft appropriate responses. Although many organizations have invested significantly in information assurance, most computer security experts believe that a well-resourced and persistent adversary will be successful in attacking systems, especially if raising defenses is the only response to an attack.
Addressing cybersecurity threats is hard for many reasons; I outline six of these in my paper on “Rethinking Cyber Threat – A Framework and Path Forward”, but let me highlight 3 that are especially hard for governments as they try to think through international security challenges related to cybersecurity.
· The Internet is a shared and integrated domain. It is shared by citizens, businesses, and governments in a manner that makes it difficult to segregate one group from another. Free speech, commercial transactions, espionage activities, and cyber warfare may be occurring in this shared and integrated domain, all at the same time and over the same transport medium. With a limited ability to parse actors and activities, tailored responses to specific threats are extremely hard to craft.
· The potential consequences of an attack are very difficult to predict. Certain nefarious activity such as network scans or unauthorized system access may be a prelude to information theft, a data integrity breach, or a disruption of service. Moreover, the complex interrelationships between systems suggest that there may be unanticipated cascading effects, some of which may be more severe than even the intended effect. Finally, while some attacks may be obvious (for example, a denial of service attack against a critical infrastructure) and generate a quick response, other attacks may be hard to detect. Much has been written about the exfiltration of data from sensitive systems; a more disconcerting scenario might be an alteration of critical data. Not only can this be difficult to detect, but it may be difficult to discern when the data was changed without authority, thus making it difficult to “roll back” to a known good state.
· The worst-case scenarios are alarming. In the popular press, policy space, and think tanks, these scenarios include disrupting critical infrastructure services, impeding key economic functions, or imperiling public safety and national security. The complexity of these scenarios, which results in part from massive interconnectivity and dependencies between systems that are not always well understood, has made it difficult to develop a consensus regarding the probable consequences of an attack. As for our ability to recover quickly from such an attack, society’s increasing dependence on information technology systems and the data they contain may mean that there is no longer an existing manual process with trained people to fall back on.
These challenges and the rapidly changing threat landscape have also raised concerns about the dangers of potential conflicts in cyberspace. According to the United Nations, there are more than 30 countries that have developed doctrine related to the use of cyberspace and some have developed cyber defense centers.[i] In response, there has been a substantial increase in government to government dialogue related to international cybersecurity.
By Kim Sanchez, director, Trustworthy Computing Communications, Microsoft
What do computer science and social issues have in common? A lot more than you might think. For starters, computer science is being used to help solve some of the toughest issues that we’re facing around the world.
“Advances in computer science can be potentially transformative in sectors that make up the fabric of society: health care, transportation, energy, agriculture, and education,” says Dr. Jeannette Wing, Microsoft vice president and head of Microsoft Research International.
Within the computer science community, Dr. Wing is well-known for her advocacy of “computational thinking,” an approach to problem solving, designing systems and understanding human behavior that draws upon concepts fundamental to computer science. It’s about asking the right questions combined with the important skills that most subjects help develop, like creativity, ability to explain and teamwork. Dr. Wing sees it as a “universally applicable attitude and skill set that everyone, not just computer scientists, should be eager to learn and use.”
In her three-page article in the Communications of the ACM entitled Five Deep Questions in Computing, she asks thought-provoking questions to the computer-science community in order to start a specific dialogue around problem solving using key science drivers.
- Is there a complexity theory for analyzing our real-world computing systems as there is for the algorithms we invent?
By Adrienne Hall, general manager, Trustworthy Computing, Microsoft
Many organizations and governments around the world struggle to quantify the value of making security investments in an environment of increasingly complex business models, fast-moving technology shifts and ever-more sophisticated cyber criminals. In this fluid environment, it can be challenging to justify resources and budget for situations such as a security incident that did not interrupt business operations. Budget approvals often occur after an incident occurs and when the damage is already done. Given this dynamic, and the need to keep customers protected from changes in the threat landscape, Microsoft has remained committed to producing threat intelligence that can help inform different security investments.
We have long reported on the changing threat landscape through the Microsoft Security Intelligence Report (SIR). In a new, Special Edition SIR report released last month titled “Linking Cybersecurity Policy and Performance,” we provide insight into different socio-economic factors that can influence cybersecurity outcomes. The study examines how socio-economic factors, such as GDP per capita, broadband penetration, mobile devices and Facebook usage correlate with cybersecurity outcomes as measured by regional malware infection rates. This data is designed to help organizations and governments better understand the potential impact socio-economic factors have on cybersecurity and serve to inform security investment decisions.
Posted by Jacqueline Beauchere, Director, Trustworthy Computing Communications, Microsoft
As incidents of online meanness and cruelty continue to garner media attention, and children worry about becoming targets, parents, educators, and school districts must continue to band together to help kids stand up to online bullying. Recently, I participated in a local high-school event in Washington State, where 1,500 students, educators, and available parents discussed the realities of online bullying. In an ad hoc poll taken by one of the students at an assembly, well over half the student body stood up to acknowledge that they had, in fact, been mean to or bullied someone else online. This visual demonstration from the students is not unlike what Microsoft has witnessed around the world. Last June, we released results of a 25-country survey of youth aged eight to 17, asking them about some of the negative behaviors they’ve experienced online. More than half (54 percent) told us they were worried about being bullied online. Contrast that with only 29 percent who said their parents have talked to them about the issue. Teens are 43 percent more likely to be mean online, compared to eight- to 12-year-olds, the data show. I shared this point with the students because they have the power – with the help of others – to help keep these numbers from climbing. School programs like this one that bring together parents, students, educators, and technology leaders, are a step in the right direction. They allow everyone involved the opportunity to share their thoughts, insights, data, guidance, and resources to work toward a common goal. It’s much like the positive goal of “A Platform for Good” (PfG), a project of The Family Online Safety Institute (FOSI), which is asking everyone to pledge to use their power for good.
The pledge consists of a simple but powerful statement: "I will use my power for good," and will support teens and parents in using the Internet to create a movement of positive interactions - from reaching out to old friends, sharing compliments, or becoming virtual volunteers.
Posted by David Bills, Chief Reliability Strategist, Trustworthy Computing
Today we published a new video series, ‘Fundamentals of cloud service reliability’. Designing and delivering reliable services is complex, and this series highlights the fundamentals of designing for service reliability and complements our recent whitepaper ‘An introduction to designing reliable cloud services’. Together, these pieces aim to be the catalyst for further discussions among services teams within organizations, as well as the industry itself.
The series consists of three short videos:
1. ‘What is cloud service reliability?’, discusses reliability and presents four goals cloud service providers should consider to make their customers happy.
2. ‘Addressing common cloud service issues’, discusses the common causes of service failure and core design principles to help reduce the likelihood and severity of outages when they happen.
3. ‘Designing for and responding to cloud service issues’, discusses a process to help cloud service providers design cloud services to meet customers’ expectations.