Posted by Richard Saunders
For anyone who wants a primer on the security, privacy and reliability issues involved in the move to cloud computing, this video featuring Doug Cavit, principal security program manager and chief security strategist at Microsoft, is worth a watch.
Posted by: Jacqueline Beauchere, Director, Online Privacy and Safety
Before I go any further, I want to assure you that this is a legitimate Microsoft blog, and that I genuinely work for the company.
If you’ve received an unsolicited phone call from someone claiming association with Microsoft and offering technical support, or help with a security problem you didn’t know you had, I wouldn’t blame you for doubting me.
Unfortunately, in today’s day and age, a little suspicion is a good thing because increasingly devious, determined and resourceful criminals want to steal from you. Cash is what they really want, but personal information they can exploit for financial gain – that’ll do nicely, too, thank you.
By Brendon Lynch, chief privacy officer, Microsoft
At Microsoft, we have some of the world’s top privacy researchers working on a wide variety of interesting challenges. We strive to translate this research into new privacy-enhancing technologies.
Today, we’re releasing a new whitepaper on Microsoft’s research in Differential Privacy written by Javier Salido on my team. To help set the stage, I’d like to provide some background on this timely topic.
Over the past few years, research has shown that ensuring the privacy of individuals in databases can be extremely difficult even after personally identifiable information (e.g., names, addresses and Social Security numbers) has been removed from these databases. According to researchers, this is because it is often possible, with enough effort, to correlate databases using information that is traditionally not considered identifiable. If any one of the correlated databases contains information that can be linked back to an individual, then information in the others may be link-able as well.
Posted by Jacqueline Beauchere, director, Trustworthy Computing Communications, Microsoft
Fewer than 15 percent of U.S. undergraduates are pursuing degrees in science and engineering. U.S. math and science test scores lag those of other nations, chiefly China and India. U.S. high schools are falling behind the rest of the world in computer science, and too few women and minorities are employed in science, technology, engineering and math (STEM) fields.
STEM subjects are arguably the foundation of our global economic future. Such skills are essential for almost any job, and are certainly imperative for nations to compete in an evolving marketplace. Indeed, STEM expertise likely holds the key to daunting global challenges, such as healthcare, hunger, poverty, and climate change. The U.S. Labor Department projects that by 2014, the U.S. will have more than two million job openings in STEM fields. The bottom line is: Will we be able to fill them?
Posted by: Tim Rains, Director, Trustworthy Computing
Lori Woehler, senior director in the Microsoft World Wide Public Sector team, joins me to discuss how Microsoft World Wide Public Sector works with government, health care, education, public safety, and national security customers globally.
Posted by Peter Cullen, chief privacy strategist, Microsoft
Over the past several months, we’ve been convening discussions with some of the world’s foremost privacy thinkers, including representatives of regulatory bodies, government policymakers, academia, NGOs and industry to explore alternate models for privacy in a modern information economy. At meetings in Washington, D.C.; Brussels; Singapore; Sydney and Sao Paulo, we’ve debated how best to evolve the notice, choice and consent model to better meet changing societal needs. Yesterday, we advanced those discussions at a global forum here in Redmond, Washington.
Microsoft has a long-standing commitment to privacy and, as part of Trustworthy Computing’s 10-year milestone last January, Corporate Vice President Scott Charney suggested that, in a world of connected devices, technology-enabled information use, and the emergence of “big data,” it’s time to consider evolving the frameworks that have governed aspects of the protection of personal data. He proposed a model that shifts focus toward acceptable use of data, and he suggested specific ways to hold organizations accountable for its management, as opposed to the current common themes of collection limitation, notice and choice.
Posted by Jacqueline Beauchere, director, Trustworthy Computing, Microsoft
Microsoft and others in the technology industry have long maintained that helping to keep individuals and families safer online is a “shared responsibility” – among industry, government, law enforcement, civil society, and consumers themselves.
This notion requires the collaborative commitment agreed to in the recently released 19-page report, “Involving Intermediaries in Cyber Security Awareness-Raising.” This release follows a day-long information-sharing event in Brussels, sponsored by the European Commission and ENISA – the European Network and Information Security Agency. Forty-five EU and U.S. representatives from the public and private sectors participated, where discussions centered on cross-border cooperation and the importance of public-private partnerships (PPPs).
I had the privilege of being the sole delegate from the United States, representing the National Cyber Security Alliance (NCSA), one of Microsoft’s key online safety partners. My presentation focused on the work of the U.S. Department of Homeland Security (DHS) and the NCSA, most notably, National Cyber Security Awareness Month (NCSAM) and its signature STOP. THINK. CONNECT.™ (STC) awareness campaign, a sterling example of a successful PPP.
Posted by Adrienne Hall, general manager, Trustworthy Computing
Business leaders need information, tools and research to understand if adopting the cloud can deliver advantages lower IT costs, increased efficiencies, and greater flexibility. They’re also reviewing whether the integration of cloud services into their overall IT roadmap helps address cybersecurity and privacy concerns.
Recent Wall Street Journal and Forbes news reported CIOs sentiment as follows:
For business leaders who are evaluating cloud security and privacy, I recommend a few resources to help inform decisions. The US-CERT’s recent Cybersecurity Questions for CEOs paper and the Cloud Security Alliance’s (CSA) Critical Areas of Focus in Cloud Computing guidance provides a road map with a focus on security to adopting cloud services. I also recommend a perusal of the CSA’s Security, Trust & Assurance Registry (STAR) which documents the security controls provided by various cloud computing offerings, thereby helping business leaders assess the security of cloud providers they currently use or are considering contracting. Microsoft cloud services are in the STAR to ensure customers have the information they need to assess security and privacy capabilities.
Organizations are utilizing Microsoft Office 365 for cloud based email, calendaring, collaboration, and conferencing to improve communication and collaboration. Enterprise cloud customers are increasing the delivery of new services to their business; enhancing server security and availability; and reducing network and server fixed costs.
Movement to the cloud represents an adaptive progression of IT strategy over time.
Posted by Adrienne Hall, general manager, Trustworthy ComputingToday another Data Center Knowledge article posted by my colleague David Bills, chief reliability strategist, covering guiding design principles for cloud services. In the article, he explains the cultural shift and evolving engineering principles Microsoft employs to help improve the dependability of services. David says service providers need to identify as many potential failure conditions as possible in advance and account for those during the service design phase. During this phase, design teams can also consider new dynamics such as technological advances that test performance limits, the interplay of applications, and broader industry trends. This careful planning helps us decide exactly how the service is supposed to react if and when the unexpected occurs. The goal is for services to be able to recover from these failure conditions with minimal to zero interruptions. David suggests that cloud services teams employ failure mode and effects analysis to help build redundancy into cloud services. This type of analysis indicates that efforts to simplify physical infrastructure and utilize software to build resiliency into cloud services. I recommend reading David’s article and his prior Data Center Knowledge article. Both articles draw upon David’s experiences with our cloud-based infrastructure supporting more than 200 services, 1 billion customers, and 20 million businesses in more than 76 markets worldwide.
Posted by Adrienne Hall, general manager, Trustworthy Computing with special guest Bobby Jimenez, chief technology officer of Sindicatum Sustainable Resources
The cloud continues to transform the way organizations do business. CIOs are identifying business priorities and gaining IT efficiencies such as rapid deployment and the flexibility to grow and contract as their needs change over time.
The security features in Office 365 are helping organizations positively offset their historical security management budget and thus freeing up IT personnel to work on projects that are directly focused on their core business.
Last year I met with Bobby Jimenez, chief technology officer of Sindicatum Sustainable Resources, in Singapore about his company’s move to the cloud and today he reports on green IT, reduced costs and time efficiencies gained through Office 365. In his words, Mr. Jimenez shares his cloud experience: