By Kim Sanchez, director, Trustworthy Computing
The idea of sharing our work experiences with our kids gained a lot of momentum when the Take our Daughters and Sons to Work Foundation was launched 20 years ago. This group's annual event provides an opportunity for millions of children to learn about what their parent, guardian, or mentor may do, see where they work, and discover possibilities about their future.
For me, this event was a good reminder that Online Safety isn’t just about families. The strategies for protecting your home PC and your children are not all that different from protecting your employees and your business or workplace.
Building Resilient Cloud Services at Microsoft
By Adrienne Hall, general manager, Trustworthy Computing
How can cloud service providers make sure their services are resilient and reliable? A resilient service should be able to withstand certain issues, remaining fully-functional and therefore being perceived as reliable. But cloud service providers operate in a complex ecosystem, constantly being challenged by reliability-related threats.
This month Asia Futures magazine published an article based on an interview with my colleague David Bills, Microsoft's chief reliability strategist. In the article, David talks about why resilience is important and provides insight into some of the techniques that can be used to achieve it.
Building a Secure Cloud
Posted by Adrienne Hall, general manager, Trustworthy Computing
Can we build a truly secure cloud? It’s a challenging goal, and the topic of a panel discussion on which I’ll be participating during GigaOM’s Structure:Europe conference in September. Security is an important consideration for organizations looking to tap the cloud’s cost savings, flexibility and scalability. People want to know if the cloud vendor they choose can keep their data secure and readily available, while effectively managing any unexpected events.
Posted by Jacqueline Beauchere, Chief Online Safety Officer, Trustworthy Computing, Microsoft
As noted in a recent post, I spent the spring months on a “listening tour.” I spoke with prominent individuals both inside and outside of Microsoft, seeking opinions and insights to help inform the strategy and approach for my new role. While my position and title may be new for the company—and the industry—the commitment to Internet safety is not.
Taking into account the risks stemming from content, contact, conduct, and commerce (“The Four Cs”), a concept I shared in the first part of this post, I’ll focus this second half on how the online safety risk-landscape has evolved, current trends, and where we’re likely headed next.
Are You and Your IT Staff on The Same Page?
For business leaders to make sound decisions related to IT security, they need clear, timely information that maps to business goals.
Unfortunately, many IT professionals could do better in communicating with executives, according to a recent study conducted by the Ponemon Institute for the IT security firm Tripwire.
When I officially assumed my new role this spring, I began a “listening tour” with the goal of further shaping Microsoft’s impact in helping to create safer, more trusted online experiences for individuals and families. I’ve spoken with—actually interviewed—dozens of influential people both inside and outside Microsoft, in the U.S. and around the world, who have chosen to make Internet safety their life’s work. Eighty-five conversations later (and counting), I’ve been gathering perspectives as to the current state of global online safety, the evolving risk-landscape, current hot topics, and where we may be headed next.
In this first of a two-part blog, I’d like to share some of those themes, including insightful reflections from my interviewees, as well as offer a few thoughts about the discipline of online safety at Microsoft.
One place to start is with a definition. When I asked experts how they define online safety, I was often met with quizzical stares or silence on the other end of the telephone line. Indeed, people who focus on online safety, or have even a portion of it as part of their day-job, know and understand what it means. But, to others, it might not be as clear. I often invoked the now-famous phrase coined by U.S. Supreme Court Justice Potter Stewart, who in 1964 was attempting to define a threshold for obscenity: We, in online safety, “know it when (we) see it.” But, to actually articulate some strictures for the field proved somewhat more challenging.
As cloud computing begins to mature, organizations are looking at ways to understand the opportunities and assess their own current IT environment with regard to security, privacy and reliability practices, policies and compliance. To help organizations make informed security decisions and evaluate IT readiness for moving assets to the cloud, I recommend two resources:
First, the Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing guidance provides enterprises with a set of best security practices based on 14 domains involved in governing or operating the cloud. The domains align with industry standards and best practices and are written to emphasize security, stability and privacy. The CSA recommends that organizations adopt a risk-based approach to moving to the cloud and selecting security options. Their approach can help IT leaders make more informed security decisions and help reduce risk when adopting the cloud.
Last fall I announced Microsoft’s new free Cloud Security Readiness Tool, which builds on CSA’s Cloud Controls Matrix (CCM). The tool provides organizations with a solid baseline into their current security, privacy and reliability practices, understand relevant regulations, and determine their readiness for cloud adoption. The tool offers a short survey and custom report to better understand systems, processes, policies and practices and evaluate how to improve your current IT state. Technical business leaders can evaluate cloud services against critical areas and compliance within common industry standards.
Posted by Adrienne Hall, general manager, Trustworthy Computing
Last week Microsoft announced three new bounty programs that encourage the security research community to report vulnerabilities in our latest browser. The concept of bounty programs is not new. Our approach is simple – we believe in building smart engagements with the security research community to create meaningful impact across the IT ecosystem. Recent news stories highlight the novel approach and explain how the new bounty programs bring more minds to the table.
All our new bounty programs are designed to work together:
• Mitigation Bypass Bounty – Microsoft will pay up to $100,000 USD for truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview).
• BlueHat Bonus for Defense – Microsoft will pay up to $50,000 USD for defensive ideas that accompany a qualifying Mitigation Bypass Bounty submission.
• IE11 Preview Bug Bounty – Microsoft will pay up to $11,000 USD for critical-class vulnerabilities that affect IE11 Preview on Windows 8.1 Preview. This includes security bugs with privacy implications.
Post by Kim Sanchez, director, Trustworthy Computing Communications Online Safety
With constant access to Internet-enabled devices, we explore, learn, conduct business, and connect in new ways every day. From supporting important issues on our Facebook feeds and making disaster relief donations through Twitter, to posting captivating moments on Instagram, social media is becoming more prevalent in our daily lives. So it’s no surprise that individuals and families are looking for guidance on ways to have the best experiences online. This is evident as the Microsoft Safer Online Facebook page recently reached its million-fan milestone. We believe it’s a shared responsibility to help educate our global community about the tools and resources we offer through the online channels where we discover and interact.
Posted by Adrienne Hall, general manager, Trustworthy Computing
If you’ve been following the TwC Blog this week you’ll have read about a blind study we commissioned to compare the way that small to midsized businesses (SMB) in France, the U.K., the U.S. and Germany perceive the cloud in terms of security, privacy and reliability. These answers were then compared with the real experiences of SMBs that already use a cloud service. This study has also reinforced a number of things to me, one of them being that gaps are likely to exist between perception and reality; and this dynamic is not unique to technology decisions. Still, people can change their point of view and regularly do. When I think of Munich where our German results are releasing, I think of the world-renowned beer culture and Oktoberfest, which is celebrating its 203rd anniversary this year. The reality is that there are also numerous excellent restaurants ready with fine German Eisweins (Icewines) and Rieslings, providing a ready alternative in social settings. These days numerous Michelin restaurants co-exist with beer halls all inside the old walled city, providing a number of choices for a wide range of visitors. There’s much more to Munich’s liquid choices than I originally thought.