David Bills, chief reliability strategist, Trustworthy Computing
The complex nature of cloud computing means that as cloud service providers, we need to be mindful that things will go wrong – it’s not a case of if, it’s strictly a matter of when. Cloud providers need to design and build their services in such a way to maximize the reliability of the service and minimize the impact to customers when things do go wrong. A key facet of this approach is business continuity, or ensuring that critical business functions continue to be available, even in the event of a catastrophe. With that in mind, I was recently interviewed for the winter edition of the Disaster Recovery Journal – a journal which focuses on the business continuity planning profession
When I talk about reliability I’m referring to the outcome all service providers aim for. The notion that the service works as it was designed to, and responds in a predicable fashion when it is needed. One way to improve reliability is to build a service that is resilient – it has the ability to withstand certain types of failure and yet remain fully functional from the customers’ perspective.
Posted by Jacqueline Beauchere, director, Trustworthy Computing, Microsoft
Microsoft and others in the technology industry have long maintained that helping to keep individuals and families safer online is a “shared responsibility” – among industry, government, law enforcement, civil society, and consumers themselves.
This notion requires the collaborative commitment agreed to in the recently released 19-page report, “Involving Intermediaries in Cyber Security Awareness-Raising.” This release follows a day-long information-sharing event in Brussels, sponsored by the European Commission and ENISA – the European Network and Information Security Agency. Forty-five EU and U.S. representatives from the public and private sectors participated, where discussions centered on cross-border cooperation and the importance of public-private partnerships (PPPs).
I had the privilege of being the sole delegate from the United States, representing the National Cyber Security Alliance (NCSA), one of Microsoft’s key online safety partners. My presentation focused on the work of the U.S. Department of Homeland Security (DHS) and the NCSA, most notably, National Cyber Security Awareness Month (NCSAM) and its signature STOP. THINK. CONNECT.™ (STC) awareness campaign, a sterling example of a successful PPP.
Posted by: David Bills, chief reliability strategist, Trustworthy Computing
Cloud computing and cloud services are emerging as new solutions for many organizations seeking to reduce costs and increase productivity. It’s an exciting and challenging time for the services industry as more and more organizations move their applications and IT services to the cloud.
When I speak to customers about cloud services, security, privacy and reliability are the three primary topics they consistently ask about. Across the industry I see a number of organizations focused on improving security and privacy but not a lot of emphasis is being placed on reliability. It seems as if many are still trying to get a handle on how to operate a highly reliable service.
Reliability is ultimately about customer satisfaction, which means managing reliability is a more nuanced challenge than simply measuring uptime. For example, you can imagine a service that never goes down but might be really slow or difficult to use on a regular basis. I’ll argue no one is going to be happy using that service, despite privacy principles being consistently applied and security practices being among the best in the industry. In short, reliability is just as important and warrants an appropriate level of engineering investment from the service provider to truly satisfy all of the customers’ requirements.
Posted by Kim Sanchez, director, Trustworthy Computing Communications, Microsoft
On average, adults in the U.S. have experienced at least eight different types of online scams. According to the Microsoft Scam Defense Survey, individuals are most vulnerable to risks such as fraudulent and malicious links, online identity theft, and the loss of sensitive personal information. Deceptive tactics are becoming even more effective at tricking even the most aware. For example, rogue security software often disguises itself as virus alerts, displaying fake warnings with the intent to confuse unfamiliar users. Consumers can learn to become more savvy when it comes to identifying these scam attempts by using the new Real vs. Rogue Facebook app from Microsoft. This app features an interactive quiz that uses actual scam screen images to walk people through a number of security scenarios, and helps them learn to tell if a security warning is from real antivirus software or from rogue security software.Sixty two percent of adults doubt they will ever fall victim to an online ruse, yet only 12 percent said they feel fully protected. As part of shoring up defenses against online fraud, the Real vs. Rogue Facebook app can help people learn to think twice before clicking on a security warning.
By Jacqueline Beauchere, director, Trustworthy Computing
This year was an exciting one for online safety at Microsoft. We continued our long-standing commitment to individuals and families by offering tools and guidance they need online – everything from new products such as Windows 8 with enhanced parental controls; to our continued collaboration with groups like the Family Online Safety Institute and the National Cyber Security Alliance (NCSA). We acknowledged support of The United States’ and the European Union’s Joint Declaration to help reduce the risks and maximize the Internet’s benefits for young people. The increased focus on global online safety led to my appointment as Microsoft’s first Chief Safety Officer, a role that I will formally assume in March 2013.
So, it’s fitting that to cap 2012, we are releasing our first “Year in Online Safety” report, a 10-page paper that describes our initiatives, projects, and programs that help create safer, more trusted computing experiences. We’ve also highlighted what we think are some of the most important trends in online safety, and where they may be headed next year.
By David Bills, chief reliability strategist, MicrosoftIn a recent post on GigaOM, Katie Fehrenbacher summarized Microsoft’s plans for a biogas-fed data center research project in Wyoming. As I reflected on the points in Katie’s article, as well as the detailed description of the project written by Microsoft’s program manager Sean James, I began pondering the reliability-related implications of effectively reducing the reliance large-scale data centers have on the electrical grid. In view of the recent challenges many data center operators faced in the aftermath of Hurricane Sandy, I think research and development projects like this one are essential. From a reliability perspective, the notion of highly-localized, cost-effective, abundant and most importantly, dependable energy sources being closely coupled to energy consumers, (like data centers), and decoupled from monolithic, complex, (and arguably unreliable), systems like the grid makes a lot of sense. In addition, the economic benefits and environmental benefits are described in the referenced article, and I encourage the reader to take a look.
By Tim Rains, director, Trustworthy Computing
Almost every CISO or executive with security related responsibilities that I have talked to over the past couple of years has expressed interest in learning how to improve their security posture to better mitigate the risks posed by “APT” (Advanced Persistent Threats) style attacks. At Microsoft we don’t use the term APT because these attacks are typically based on old, well understood tactics and technologies, i.e. they aren’t really “advanced.”For example, one thing these attackers typically try to do is steal user names and passwords from networks they compromise so that they can get access to more resources and stay on the network undetected for as long as possible. One type of attack they use as a matter of course is called “pass-the-hash.” This involves stealing the hashed version (a one-way mathematical representation) of user names and passwords from a compromised network and using those credentials to obtain access to network resources and data. There has been a considerable amount of research and tool development in this area over the years that has made it easier for attackers to perform pass-the-hash and other credential theft and reuse attacks.
By Jeff Jones, director, Trustworthy ComputingWhen the winds and waves of Hurricane Sandy bore down ferociously on New York City, Microsoft partner WorkITsafe helped two customers upgrade to the Windows Server 2012 operating system with the new built-in Hyper-V Replica feature. As a result, their IT systems experienced minimal interruption as the hurricane flooded the surrounding area and required employees to hunker down at home. In this blog post, WorkITsafe President Steve Rubin tells how Windows Server 2012 protected his customers’ businesses—and has the potential to protect many more.
Posted by Adrienne Hall, General Manager, Trustworthy Computing, Microsoft
Today I did some color-blocking. This means I put on an outfit with two colors – black and navy, interspersed from head to toe. In doing so, I was updating my look and getting a little more modern as a result! With technology, there’s always something new and interesting to modernize the ways we live our lives. It might be a new phone (I picked the Windows 8 HTC), or it may be Skype-coaching my mother who is absolutely enamored with the product uttering, “I see you, I see you!” each time the session engages and was most intrigued by the ability to talk and text at the same time. As technology continues to evolve and influence our digital lifestyles, we must be ready to adapt and respond to both enjoy the potential of new things and understand how to use them safely. The topic of online safety is one we’ve been investing in for years, yet there’s always something that comes along prompting new learning and information.
Posted by Jacqueline Beauchere, director, Trustworthy Computing Communications, Microsoft
Fewer than 15 percent of U.S. undergraduates are pursuing degrees in science and engineering. U.S. math and science test scores lag those of other nations, chiefly China and India. U.S. high schools are falling behind the rest of the world in computer science, and too few women and minorities are employed in science, technology, engineering and math (STEM) fields.
STEM subjects are arguably the foundation of our global economic future. Such skills are essential for almost any job, and are certainly imperative for nations to compete in an evolving marketplace. Indeed, STEM expertise likely holds the key to daunting global challenges, such as healthcare, hunger, poverty, and climate change. The U.S. Labor Department projects that by 2014, the U.S. will have more than two million job openings in STEM fields. The bottom line is: Will we be able to fill them?