Posted by: Brendon Lynch, Chief Privacy Officer
As we increasingly rely on technology for many aspects of our lives, the amount of data created continues to grow at an exponential rate. An important challenge for organizations is to provide privacy statements describing the collection, use and protection of data that are straightforward, yet comprehensive. Clarity and simplicity are key for time-pressed consumers, but large enterprises, governments, and other high-tech savvy individuals often need highly detailed information to use online services with confidence.
With each of these audiences in mind, we are unveiling initial improvements to the look and feel of many of our online privacy statements. We believe the changes enhance the appearance and functionality of our privacy statements, and enable us to more effectively layer important information. Our hope is that the changes will make privacy information easier to locate and use for many consumers.
By Brendon Lynch, chief privacy officer, Microsoft
At Microsoft, we have some of the world’s top privacy researchers working on a wide variety of interesting challenges. We strive to translate this research into new privacy-enhancing technologies.
Today, we’re releasing a new whitepaper on Microsoft’s research in Differential Privacy written by Javier Salido on my team. To help set the stage, I’d like to provide some background on this timely topic.
Over the past few years, research has shown that ensuring the privacy of individuals in databases can be extremely difficult even after personally identifiable information (e.g., names, addresses and Social Security numbers) has been removed from these databases. According to researchers, this is because it is often possible, with enough effort, to correlate databases using information that is traditionally not considered identifiable. If any one of the correlated databases contains information that can be linked back to an individual, then information in the others may be link-able as well.
Posted by: Adrienne Hall, General Manager, Trustworthy Computing
Any conversation I have with a customer that hasn't yet adopted a cloud service includes the topic of security at some point. It isn’t surprising that security frequently tops the list of cloud adoption items; yet I believe it should be on the list of top cloud adoption benefits.
Security is a common area explored by organizations considering the cloud. Small to mid-size businesses, or SMBs, often don’t have the built-in security expertise that larger entities do. This makes it difficult for them to spend time and expertise to assess the benefits of cloud computing.
In commissioning an independent study with groups of SMBs that both use and do not use cloud services in the U.S., Singapore, Malaysia, India and Hong Kong, we hoped to evaporate, okay – more realistically – lessen, concerns about security for prospective customers. Our goal was to see what, if any, security benefits companies that use the cloud realize, and to better understand the concerns of companies that have not yet adopted cloud services.
Still Running Windows XP? Upgrade Now to Reduce Security Risks
Posted by Adrienne Hall, general manager, Trustworthy Computing
As of April 8, 2014, customers and partners will no longer receive security updates for Windows XP, or get Microsoft tech support for Windows XP.
Without security updates, a PC running Windows XP will become more vulnerable to viruses, spyware, and other malicious software. If your business is currently running Windows XP, now is the time to consider upgrading to a modern operating system.
I just got off the stage at RSA Europe in London where I delivered a keynote during which I announced the release of our bi-annual Security Intelligence Report (SIRv13) and a new free Cloud Security Readiness Tool. If you’ve ever been to an RSA event you’ll know that the audience comprises security professionals from a range of organizations, including government agencies and some of the world’s largest companies.
Faced with an audience of around 1,000 IT security pros I kicked off with a story about a recent holiday - not the traditional start to an RSA talk. I explained how, in a restaurant in the middle of a tiny town on a remote island off the coast of Croatia I heard a local news report that mentioned the Gauss malware several times.
The point of my story was that cyber threats are increasingly an everyday fact of life for the world’s consumers. For us as security professionals, information and intelligence will continue to be critical to managing the potential impact of cyber threats. This is why we at the Trustworthy Computing Group work hard to produce the Microsoft Security Intelligence Report (SIR), the 13th volume of which, also known as SIRv13, was released during my keynote today.
Posted by: Matt Thomlinson, General Manager, Trustworthy Computing Security
Today, I am excited to announce the inaugural Security Development Conference will be held in Washington D.C. on May 15-16. This event will bring together business decision makers, security engineers, managers of software security processes, and security policy makers from companies, government agencies and academia. Attendees will learn from security experts and build professional networks that accelerate adoption of holistic and proactive security development practices.
Ten years ago, Microsoft announced the creation of Trustworthy Computing. Since then, the Security Development Lifecycle (SDL) processes and tools we implemented at Microsoft and shared publicly have been studied and applied by both software vendors and other organizations that build a variety of hardware and software. Today, security professionals who previously asked “why should I implement the SDL” are asking “how do I implement the SDL within my organization?” Technical decision makers, business decision makers and governments are becoming increasingly aware that present-day operational security protections and regulatory compliance are not sufficient to protect the applications and infrastructures that people rely on every day. The increased demand for a more holistic and prescriptive secure development methodology has evolved into a growing community of practitioners well beyond Microsoft.
Posted by: Paul Nicholas, senior director, Trustworthy Computing
Earlier this week at the Budapest Conference on Cyberspace 2012, the UK Government announced the establishment of the Centre for Global Cyber-Security Capacity Building. In an effort to combat the growing global cyber threat problem, the Centre will focus on areas such as fostering greater international collaboration, increasing access to security expertise and information sharing, and promoting good governance practices online. This effort comes at a critical inflection point in cyberspace driven by the widespread adoption of technology. According to the World Economic Forum, 70 percent of the world’s population lives in countries that are in the process of coming online.
Recent Internet research shows the online population is expected to grow to over three billion people in 2016 [1]; devices will likely exceed 50 billion [2]; and overall data may increase more than 50 times by 2020 [3]. The continued growth in people, devices, and data becomes an attractive target for criminals who seek to gain access to valuable information or in some instances disrupt operations. Clearly, the benefits of using the Internet far outweigh the risks, but in order to create safer, more trusted computing experiences, the private sector and governments must work together.
By Jacqueline Beauchere, director, Trustworthy Computing
As we near the end of National Cyber Security Awareness Month 2012 (NCSAM), we continue our focus on the problem of online fraud. Online schemes victimize millions of unsuspecting people every year. In the United States alone, the FBI’s Internet Crime Complaint Center recorded 300,000 fraud complaints last year with an adjusted dollar loss of nearly half a billion dollars.
Earlier this month, Microsoft released our Scam Defense Survey, which revealed that the top five most common scams encountered by adults in the U.S. were lottery scams, advance-fee fraud, phishing attacks, and fake anti-virus alerts. The results demonstrate the need for individuals to take action and help safeguard their digital lifestyles by highlighting the evolving complexity and sophistication of these schemes. Case in point: 62 percent of people surveyed said they doubt they’ll ever fall victim to an online scam, yet only 12 percent said they feel fully protected.
Today, Microsoft is releasing a new 12-page booklet to arm consumers with the knowledge they need to help avoid the most common types of online scams.
Posted by: Jeff Jones, director, Trustworthy Computing
If you are part of senior management in any company, you probably spend a lot of your time mitigating risk. Is the economy going to help or hurt our bottom line? Is our turnover rate too high? Will our innovative new product ship on schedule?
What about supply chain risk? Over the past few years, supply chain risk has become a topic of focus for governments around the world concerned with protection of critical infrastructure. But in your national or global business, is your infrastructure any less critical to you, your employees and your customers?
Today, The Economist published two thought-provoking articles (here and here) on supply chain risk and concerns. While these articles focused on one particular Chinese telecoms company, interviews with experts from across the industry led the author to a broader conclusion that, “techno-nationalism is not the answer” to supply chain challenges.
Posted by: Tim Rains, Director, Trustworthy Computing
Lori Woehler, senior director in the Microsoft World Wide Public Sector team, joins me to discuss how Microsoft World Wide Public Sector works with government, health care, education, public safety, and national security customers globally.