By Adrienne Hall, General Manager, Trustworthy Computing
Microsoft has been steadfastly committed to, and engaged in, the W3C's Tracking Protection Working Group’s efforts to define a Do Not Track standard. We believe DNT holds the potential to help people better manage their privacy online.
The Working Group chairs are currently asking members how and whether to proceed with DNT standards work. At the Microsoft on the Issues blog, Chief Privacy Officer Brendon Lynch shared our response, emphasizing that Microsoft supports continued work toward a final, meaningful DNT standard that will help build greater trust across the Internet ecosystem.
By Adrienne Hall, General Manager, Trustworthy Computing
The second annual Cloud Security Alliance (CSA) EMEA Congress was held last month in Edinburgh, Scotland, where several hundred business leaders and security professionals participated in an interesting series of sessions and interactive demonstrations from 20+ cloud providers.
With more and more organizations moving from evaluating the cloud to actual deployment, it is not surprising that trust, transparency and compliance came up during this event. Cloud providers should be prepared to address questions in these areas.
I was invited to deliver a keynote presentation at the event, in which I outlined the investments Microsoft makes in three broad categories: 1) the development of secure cloud offerings; 2) datacenter security; and 3) incident response – communication to customers if and when the unexpected occurs.
“There is no such thing as a secure cloud,” according to Greg Ferro, who moderated the panel discussion in which I participated at the GigaOM Structure: Europe conference. And so began a lively conversation with Greg and other industry pros.
During the panel I described three broad categories of ongoing work in relation to cloud offerings: 1) development – how we create the software behind the service; 2) data center security – how we protect the operational environment in which services are running; and 3) incident response – how we manage services if and when the unexpected occurs.
After the panel, I was asked a few follow-on questions about Microsoft’s Security Development Lifecycle (SDL), a security assurance process that introduces security and privacy into all phases of development. It has been a mandatory policy at Microsoft since 2004.
There’s no question in my mind that the wholesale adoption of this approach has helped reduce the number and severity of vulnerabilities. It also reduces costs by discovering and addressing potential security and data privacy issues early in the design phase, where changes can be made with less disruption to the overall project.
I’m really excited to be in London for the GigaOM Structure: Europe conference, which kicks off tomorrow. Not only is London one of my favorite places to visit, but the conference has a great agenda.
I’m looking forward to participating in the panel discussion “Mission not so impossible: a truly secure cloud?” and hearing from my fellow panelists:
Greg Ferro - Network Architect, Ca and Analyst, GigaOM Research
Joe Baguley - CTO, EMEA, VMware
Gavan Egan - VP Sales, Verizon Terremark Europe
Hila Meller - Head of Security Strategy EMEA, CA Technologies
You can watch my panel live, Sept. 19 at 11:20 a.m. BST (3:20 a.m. PT) on the conference site. Click “WATCH NOW”. Our team will be sharing updates on Twitter throughout the conference and I’ll report back once it’s over. And if you’re there, I look forward to seeing you in person!
By David Bills, Chief Reliability Strategist, Trustworthy Computing
Things will go wrong – it’s not a matter of if, but strictly a matter of when. In my role, a large part of my focus is working with teams across Microsoft to identify the types of things that can go wrong in the complex ecosystem that makes up the cloud (everything from infrastructure to networks, to software - even administrator error), and build resilience into our services to ensure the impact - when things do go wrong - is minimized.
But if an organization truly wants to be resilient, there are many other facets of risk to consider.
This month Asia Futures magazine has published an article on organizational resilience, in which Pierre Noel, chief security officer and advisor, Microsoft Asia, shares his thoughts on the topic. The article looks at what it takes for an organization to be resilient, how to effectively plan for and mitigate disaster, and some of the specific challenges and opportunities on the theme of resilience.
Regulatory compliance and managing security risks are two important challenges facing IT professionals today. From the Chief Information Security Officers (CISOs) we talk to, there’s steady interest in hearing more on these topics.
At Trustworthy Computing, we’re fortunate to have access to some of the best and brightest security minds – including security executives from around the world as well as our own internal experts. To help share that expertise with the broader security community, we’ve recently released two “CISO Perspectives” articles covering Risk and Compliance in the Cloud.
Fighting security threats is a never-ending job. And Microsoft can’t do it alone.
One of our most successful partnership efforts is the Microsoft Active Protections Program (MAPP), through which we share threat information with security vendors ahead of our regular monthly security updates.
Recently, the Microsoft Security Response Center (MSRC) announced that MAPP would be expanded, adding more partners and giving our top collaborators even more time to create more comprehensive, higher-quality protections.
Windows Azure receives important SOC 2 and CCM security attestations
By Tim Rains, Director, Trustworthy Computing
The Cloud Security Alliance’s Security Trust and Assurance Registry, or CSA STAR, provides existing and potential customers with insight into how cloud providers – Microsoft and others – are managing the security controls of their services. And at Microsoft, we believe it’s a great tool for businesses considering a move to the cloud as it gives them the visibility and transparency they are looking for to make informed decisions.
We submitted a CSA STAR self-assessment for Windows Azure last March. And in April, three major Microsoft cloud services had self-assessments in the CSA STAR. Today, we took that one step further in getting the self-assessment for Windows Azure verified via a third party.
By Jacqueline Beauchere, Chief Online Safety Officer, Microsoft
The Internet is an extraordinary tool for enabling children to learn and explore the world around them. Many parents and educators recognize that “digital literacy” is a prerequisite to helping students excel in today’s digital world. That’s why I want to help spread the word about a new Microsoft initiative, Bing for Schools, to help teach these essential online skills.
Bing For Schools offers the option to tailor the Bing experience by removing advertisements from search results, enhancing privacy protections, filtering adult content, and adding specialized learning features that help develop positive online behaviors.
Still Running Windows XP? Upgrade Now to Reduce Security Risks
Posted by Adrienne Hall, general manager, Trustworthy Computing
As of April 8, 2014, customers and partners will no longer receive security updates for Windows XP, or get Microsoft tech support for Windows XP.
Without security updates, a PC running Windows XP will become more vulnerable to viruses, spyware, and other malicious software. If your business is currently running Windows XP, now is the time to consider upgrading to a modern operating system.