Posted by: Brendon Lynch, Chief Privacy Officer
As we increasingly rely on technology for many aspects of our lives, the amount of data created continues to grow at an exponential rate. An important challenge for organizations is to provide privacy statements describing the collection, use and protection of data that are straightforward, yet comprehensive. Clarity and simplicity are key for time-pressed consumers, but large enterprises, governments, and other high-tech savvy individuals often need highly detailed information to use online services with confidence.
With each of these audiences in mind, we are unveiling initial improvements to the look and feel of many of our online privacy statements. We believe the changes enhance the appearance and functionality of our privacy statements, and enable us to more effectively layer important information. Our hope is that the changes will make privacy information easier to locate and use for many consumers.
By Tim Rains, Director, Trustworthy Computing
I want to draw your attention to a type of malicious software that has been emerging in increasing numbers in several parts of the world. “Ransomware” is a type of malware that is designed to render a computer or its files unusable until a ransom is paid to the attackers. Ransomware often masquerades as an official-looking warning from a well-known law enforcement agency, such as the U.S. Federal Bureau of Investigation (FBI) or the Metropolitan Police Service of London.
It’s important for small and medium sized businesses to be aware of this type of threat and take precautions to defend themselves from it, because if attackers successfully lock the business out of their systems or encrypt their files, it could have a devastating impact on their business. The good news is that it is fairly easy to help protect yourself from this type of threat. See more >>
By Adrienne Hall, General Manager, Trustworthy Computing
In my prior two posts, I discussed my first two Suggested New Year’s Resolutions for cloud providers in 2014:
Suggested Resolution #1: Reinforce that security is a shared responsibilitySuggested Resolution #2: Be precise about what the service does, and doesn’t do
Today, I want to offer my third and final resolution: Avoid acronym soup when discussing cloud services.
See more >>
Today at the CSA Congress, I had the opportunity to give a presentation on how organizations can benefit from cloud computing and some of the ways Microsoft is working to build trust in the cloud. We know that cloud providers can help improve security and reliability for their customers, while giving them more time to focus on running their own businesses.
I also talked about some of Microsoft’s customers that see cloud services as an important strategic asset that helps grow their businesses and deliver more value to their own customers. One of those companies is Genetec, which provides Internet Protocol (IP) video surveillance and other security services in over 80 countries. See more >>
Happy 2014! The arrival of a new year is always a great time to reflect on where you’ve been over the past 12 months, and more importantly, where you are headed. I was recently asked to share some New Year’s Resolutions for cloud providers for an article in Security Week and I thought I’d expand a bit more on those and share them with you.
Let’s start with Suggested Resolution #1: Reinforce that security is a shared responsibility.
Posted by TwC StaffIf you are a regular reader of this blog, you know about many of the ways Microsoft works to improve security in our own products and services, as well as the broader technology industry.
Today, I’m pleased to share an update on another important security offering, the Enhanced Mitigation Experience Toolkit (EMET). EMET helps prevent attackers from gaining access to computers, works well in the enterprise, and protects across a wide range of scenarios. See more >>
By David Bills, Chief Reliability Strategist
Reliability continues to be top of mind for everyone involved with online services. Today we are publishing an updated version of our whitepaper “Introduction to Designing Reliable Cloud Services”.
The paper describes fundamental reliability concepts and a reliability design-time process for organizations that create, deploy, and/or consume cloud services. It is designed to help decision makers understand the factors and processes that make cloud services more reliable. Read more >>
Data classification is one of the most basic ways for organizations to determine and assign relative values to the data they possess. By separating data into categories based on sensitivity (high, medium or low, for example), an organization can set protections and procedures for managing that data accordingly. This process can yield significant benefits, such as compliance efficiencies, improved resource management, and facilitation of migration to the cloud. Read more >>
By Brendon Lynch, Chief Privacy Officer
Today my colleague Matt Thomlinson, Vice President, Microsoft Security, was on a panel entitled “Rebooting Trust? Freedom vs. Security in Cyberspace” at the long standing (it is in its 50th year!) Munich Security Conference.
He also discussed a number of efforts afoot to protect customer data from government snooping: expanding encryption across our services; reinforcing legal protections for our customers’ data; and enhancing the transparency of our software code, including establishing a number of locations called Transparency Centers, to enable even greater assurances of the integrity of our products and services.
Matt announced that Microsoft will open a Transparency Center in Brussels, one of several around the world. Read more >>
By Mike Reavey, General Manager, Trustworthy Computing
Today, at the RSA Conference Europe in Amsterdam, I gave a presentation on an important update to Microsoft’s security efforts – Operational Security Assurance (OSA). The design of a secure operations methodology is part of our ongoing commitment to enable trustworthy computing in all aspects of our online services, and OSA represents the next evolution of these efforts.
Since 2004, the Microsoft Security Development Lifecycle (SDL) has helped developers to build more secure software from the ground up. But the job doesn’t end there. Attacks do not necessarily target weaknesses in software. Some attacks are operational in nature, while others, like the Flame malware, target both software vulnerabilities and operational weaknesses. Defending cloud services against network attacks requires both strong development practices, like SDL, and a strong operational security regime. The following list includes a number of ways that OSA adds considerable value to the focus on infrastructure issues and operational security.. Read more