Mike Howard is the Chief Security Officer at Microsoft. In this article Mike provides a powerful insight into how Microsoft runs its security operation on a global basis.
At the end of 2010 Microsoft Global Security was at a crossroads: how could we meet the continuing needs of our business to deliver a world-class secure working environment while remaining efficient, driving down our costs and improving productivity by using scalable and extensible solutions?
We realised that the cloud was the most viable option to help meet our goals, and that we would need a strategy to understand, develop and put in place cloud security. Fortunately for us, the needs of Global Security and the business of Microsoft were in alignment. For MSGS, cloud technology is a priority; it wasn’t mandated, we chose it, understanding the benefits it would provide.
Cloud innovation can be compared to the development of the printing press: in the security cloud, users can consume security applications without owning the infrastructure, just as readers of books do so without owning a printing works. Cloud technology lowers or eliminates the transaction cost of existing functions. It enables previously unthinkable functions to become affordable because they can be delivered on a mass scale in a cost-effective manner.
When we looked at the cloud, the questions we asked were:
This business value has come in many forms.
For example, during a crisis abroad we can use the cloud to quickly visualise where travelling Microsoft employees are. The cloud provides relevant information from several sources at once; in a few clicks Global Security knows who needs to be contacted, and where. With cloud-based partner apps from conTgo, MapCast and IDV Visual Command Center we are better able to save lives, because having the right information enables the quick response that is key in life-threatening situations. Here is an example of how we used these tools during the Arab Spring
Going forward there is greater flexibility and opportunity to deliver many new security functions with real-time data, as a consumable experience to anybody, anywhere, anytime. There are also new opportunities for functions that have yet to become mainstream and the cloud is an ideal mechanism to deliver them as-a-service.
As we reached the realization that apps as we know them today will become a consumable service, the Cloud became an “all-in” proposition for Global Security. Good things are built on a solid foundation. The reality is that the foundation requires the right environment in which it can be developed and tested and Microsoft provides that environment.
As we continue our journey to the cloud, we’re exploring new possibilities for the delivery of security services on platforms and devices that did not exist even a short time ago. The possibilities that this family of devices and platforms offer are phenomenal, and even more exciting, is the opportunity to make a meaningful difference when it comes to saving lives. This sharpens our focus.
Chief Security Officer - Microsoft
Try out Windows Azure for free and see how you can benefit from high availability and flexible resources.
Find out more about how Microsoft Global Security uses technology
Many of you were asking whether the slides would be made available after the Windows Server 2012 UK Launch event, and I am pleased to say the slides are now here. I don’t have a copy of the video from the day yet, but this should give you an overview of what was included in the event.
Join the Microsoft TechNet team for our first ever session about Windows 8. Learn hands-on alongside our expert evangelists as they introduce Windows 8 for the Enterprise.
We’ll introduce the changes Microsoft has made beyond the Modern UI that will help enterprise companies: the new Windows 8 application distribution model, desktop virtualisation, more powerful and simpler ways to work remotely, and exciting new capabilities such as Windows To Go.
Find a camp now
This post was brought to you by Anthony Sutcliffe, an independent consultant. Anthony is an all-round technologist with an active interest in security, strategy and planning, BC/DR, SharePoint (which he thinks is a massively under-utilised product), Exchange, SQL and DPM (which according to Anthony is the best product Microsoft ever produced that they don’t promote).
You’ll find Anthony here on Twitter and LinkedIn. When I asked Anthony why he wanted to write this post, here’s what he said: “I wanted to write this post as I thought that it was a cracking good day, well run with lots to see and learn. I think that it’s important to make sure that everyone knows how valuable these sessions are.”
Look out for future events in the TechNet Flash Newsletter.
There has been considerable discussion about the new server operating system from Microsoft, Windows Server 2012. A number of dates were announced for the official launch presentations around the UK, and as I was due to be in London during the week I thought I would make the time to get along and see what all the fuss was about.
The conference room at the Novotel was quite large and it needed to be; there were just over 1,000 delegates at the event, covering a wide range of industrial sectors, resellers, consultants as well as some end users. A few of these had previously had the opportunity to see the beta product, but for most, this was their first look.
As the event was just a single day, it was impossible to cover all of the aspects of the new operating system; however, the various speakers were able to focus on some of the key features and perform a number of demonstrations to show these and highlight the main benefits. Although there were a few technical mishaps (not uncommon in a demo of a new product), the presentations were generally smooth, slick and illustrated the specific feature very well.
What was clear from the various demos was that the new OS is aimed very squarely at providing major improvements in the way that IT staff will work in the future. PowerShell featured quite significantly, and it’s clear that this is something all system administrators must get to grips with if they haven’t done so already. I was also very impressed with the facility to add and remove the server GUI (switching between a full installation and Server Core), which significantly reduces the attack surface and makes a system more secure.
Improvements in the virtualisation processes were also featured; the audience were clearly very impressed with the enhancements, as these will make it much easier and quicker to scale resources up or down to meet changes in demand. There were a number of other items of interest: issues with cloning servers running key services have now been addressed to make the process easier, and the overall administration of virtual machines also appears to be a lot smoother than before.
Virtual Desktop Infrastructure was highlighted and they were able to show just how simple it can be to rapidly provision sessions and roll them out to end users without them even having to be on site; possibly even using equipment from outside of the domain. There are some enhancements to the Remote Desktop feature which will provide an improved end user experience that means those that have previously found this to be unsuitable should seriously consider it again.
It was also clear that the new OS is designed very specifically to provide cloud based capabilities, public and private. Many of the features are clearly designed for those larger companies that need the flexibility across a large landscape. However, even small enterprises could make use of these and the savings in time, resources and money will make this something that has to be considered by everyone.
As always at Microsoft events, there were some rather interesting freebies; but on this occasion, they were also giving away some HP Micro Servers that have previously been featured in a TechNet competition. These devices are suitable for testing out the full capabilities of the new OS and 30 lucky people now have the means to try this out for themselves. Although I wasn’t one of those fortunate few, I’m sufficiently impressed with the new OS that I will be looking around to find some suitable hardware that will allow me to start my own investigations.
The Microsoft marketing materials insist that Windows Server 2012 is “game changing”; this might be seen as a bit of hyperbole, but it’s obvious that the new OS does have some really strong features and some significant enhancements to the way that it works. The general reaction from those present was that Windows Server 2012 really does seem to be a major step forward. It’s clear that it is a robust and powerful product, and everyone currently managing Windows Servers should be thinking about when, not if, they will be moving to the latest server release from Microsoft.
Try Windows Server 2012 Now!
You can also read about the Windows Server 2012 launch event from a Microsoft Partner perspective here: http://blog.thefullcircle.com/2012/09/winsrv2012-techlaunch/
The Presentation Slides from the launch event are now available and can be found here:
Last week was full of useful articles, hints and tips, as well as insights into learning and training. You will find content from our MVPs, Microsoft Training Partners and the IT Professional community.
We also had the launch of Windows Server 2012 last week, and this week we’ll be posting some great content that came out of the launch event and sharing it with you.
We’ve just announced a fresh round of free one-day hands-on camps in the UK for Windows Azure developers and IT Pros.
Windows Azure Camps for developers:
Join us at a developer camp which focuses on the Platform-as-a-Service (PaaS) features of Windows Azure. Mostly this means Windows Azure Cloud Services, Windows Azure Storage, Windows Azure Active Directory, Windows Azure Service Bus, Windows Azure SQL DB, and Windows Azure Websites. A camp will take you from knowing nothing about the cloud to actually having deployed a simple application to the cloud and made it available on the public Internet. Once you have the basics in place, you'll be up and running.
· 16th November – London - Windows Azure Camp for Developers
· 28th November – London - Windows Azure Camp for Developers
· 7th December – London - Windows Azure Camp for Developers
Windows Azure Camps IT professional: These camps have been designed for IT professionals who want to get up to speed. The focus of the day is on the Infrastructure-as-a-Service features; Virtual Machines and Virtual Networks.
· 23rd November – London - Windows Azure Camp for IT professionals This event has been cancelled.
To find out about our Six Steps of Windows Azure programme, click here. If you have any questions, please email firstname.lastname@example.org
Six Steps to Windows Azure – Starts on 8th and 9th November:
The Six Steps to Windows Azure programme offers a series of free technical events and online sessions on the Windows Azure Platform. The programme aims to guide those currently building apps, or considering the cloud, on how to take full advantage of Windows Azure. Our upcoming events will cover both the technical and commercial aspects of adopting Windows Azure.
Here are the kick off events; register now.
Windows Azure in the Real World - 8th November 2012
Get started with Windows Azure by seeing how companies have implemented real-world solutions for different types of Azure workload. Join us if you are currently building applications or considering moving to the cloud and want to understand how to take full advantage of the Windows Azure Platform.
Advanced Topics in Windows Azure - 9th November 2012:
Join us to tour the latest features of Windows Azure from Media and Mobile services to Windows Azure Active Directory. The day will explore the opportunities Windows Azure offers with Windows 8 and the latest Phone Toolkits (iOS, Android and Windows Phone).
What’s next? Here are the upcoming themes. Registration will open shortly.
· Step 2: Architecture and Design (13 November)
· Step 3: Integration with Mobile and the New World of Apps (3 December)
· Step 4: Open Source Development (14 January)
· Step 5: HPC (4 February)
· Step 6: Big Data (24 February)
If you have any questions please email email@example.com or keep an eye on this blog for the next update.
Heinrich Van Der Westhuizen is a technology entrepreneur with more than 17 years’ experience in IT and has managed different businesses within Europe across multiple IT disciplines. Heinrich works for Digital Defence who provide mobile defence solutions.
Secure Mobile encrypts and protects selected data and centrally enforces security policies on mobile devices; Secure Mobile is a true enabler for mobility.
TechNet UK invited Heinrich to describe what Digital Defence offers, as we know that many of you are interested in your staff being able to use devices on your systems anywhere. For corporate-owned devices, the technology provided by Digital Defence is a potential solution to securing that environment. Hear from Heinrich about this technology and how it may be applicable in your organisation.
How Secure Mobile Works
Secure Mobile provides real-time encryption of persistent data using AES (FIPS 197) with 128- or 256-bit keys in XTS mode, a relatively new mode (specified in IEEE 1619 and NIST SP 800-38E) designed specifically for data at rest. Persistent data means any data that survives a factory reset of a handheld device (e.g. storage cards, or persistent local folders such as the \application folder on Motorola devices). The encryption is transparent to the user: a file system filter driver encrypts and decrypts data in real time. Each file is encrypted with its own key, derived from two parts: one stored in the file’s contents and one stored (securely) in the device’s registry, so neither a copied file nor a dumped registry is sufficient on its own. The key material is protected by device authentication, which integrates with the Microsoft LASSD system.
Access to encrypted data can be restricted to specific applications, so unknown (or unwanted) applications can never read it. This is achieved by whitelisting (and blacklisting) applications both for execution and for encryption access. All data connection ports are protected by Secure Mobile’s Access Control module, so every means of transferring data to and from the device can be limited to secure channels: WWAN, WLAN and USB can each be whitelisted so that only specific trusted networks (or connections) are used for data transfer.
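The two-part key design described above, as an added example that is not Digital Defence’s code. Each file carries its own random key part in a header, the other part stands in for the registry-held secret, and the file key comes from both via an HKDF-style derivation; a keyed HMAC-SHA256 counter-mode keystream and a truncated MAC tag stand in for the AES-XTS data path so the example runs with the Python standard library only. The header layout, salt length and label string are assumptions for illustration, not the product’s format.

```python
"""Added example (not Digital Defence's code): per-file keys split between a
part stored in the file and a part held in protected device storage.
HMAC-SHA256 in counter mode stands in for AES-XTS; the key handling is the point."""
import hashlib
import hmac
import os
import struct

HEADER_MAGIC = b"SMV1"  # assumed header layout, not the product's real format
SALT_LEN = 16           # per-file key part stored in the file header
TAG_LEN = 16            # truncated MAC so a wrong key is rejected, not silently garbled


def derive_file_key(device_secret: bytes, file_salt: bytes) -> bytes:
    """HKDF-style extract-then-expand: neither part alone yields the file key."""
    prk = hmac.new(device_secret, file_salt, hashlib.sha256).digest()
    return hmac.new(prk, b"secure-mobile-file-key\x01", hashlib.sha256).digest()


def _keystream(key: bytes, nbytes: int) -> bytes:
    """Counter-mode PRF keystream (stand-in for the AES-XTS data path)."""
    out = bytearray()
    block = 0
    while len(out) < nbytes:
        out += hmac.new(key, struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:nbytes])


def encrypt_file(device_secret: bytes, plaintext: bytes) -> bytes:
    """Returns magic || salt || ciphertext || tag; the salt is the in-file key part."""
    salt = os.urandom(SALT_LEN)
    key = derive_file_key(device_secret, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    tag = hmac.new(key, salt + ct, hashlib.sha256).digest()[:TAG_LEN]
    return HEADER_MAGIC + salt + ct + tag


def decrypt_file(device_secret: bytes, blob: bytes) -> bytes:
    """Raises ValueError if the device part is wrong or the file was tampered with."""
    min_len = len(HEADER_MAGIC) + SALT_LEN + TAG_LEN
    if not blob.startswith(HEADER_MAGIC) or len(blob) < min_len:
        raise ValueError("not an encrypted file in the assumed format")
    body = blob[len(HEADER_MAGIC):]
    salt, ct, tag = body[:SALT_LEN], body[SALT_LEN:-TAG_LEN], body[-TAG_LEN:]
    key = derive_file_key(device_secret, salt)
    expected = hmac.new(key, salt + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong device key part or corrupted file")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, len(ct))))


def demo() -> dict:
    """Constructed inputs: a fixed device secret stands in for the registry part."""
    device_secret = hashlib.sha256(b"constructed-device-secret").digest()
    blob_a = encrypt_file(device_secret, b"customer list")
    blob_b = encrypt_file(device_secret, b"customer list")
    try:
        decrypt_file(hashlib.sha256(b"some-other-device").digest(), blob_a)
        wrong_device_rejected = False
    except ValueError:
        wrong_device_rejected = True
    return {
        "roundtrip": decrypt_file(device_secret, blob_a),
        "same_plaintext_differs": blob_a != blob_b,  # distinct in-file key parts
        "wrong_device_rejected": wrong_device_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Two files with identical contents produce unrelated ciphertext because their in-file key parts differ, and a file copied off a storage card cannot be opened on another device because the registry-held part is missing; the tag check turns a wrong key into an error rather than plausible-looking garbage, which matters when the wipe policy later deletes the registry part.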
How Secure Mobile Works II (File System Driver vs. File Vault)
Strictly speaking, Secure Mobile is not a “file vault”. A file vault is a single file that appears to the user as a folder, so the whole storage folder is stored internally as one file.
Secure Mobile instead uses a file system filter driver: it intercepts all file reads and writes, effectively acting as a second file system driver in the kernel.
We only encrypt storage locations that remain persistent after a clean boot (factory reset), i.e. local storage areas flagged as persistent (or permanent); on Motorola devices this is the “\application” folder.
We do not encrypt local storage folders that are wiped by a factory reset (e.g. the “\windows” folder).
Our solution is system-wide, so Secure Mobile is independent of the applications installed. Whenever an application reads or writes data, it is decrypted or encrypted automatically without the application having to do anything (or even being aware of it). If you blacklist an application from encryption, that application cannot read or write data in the locations marked for encryption.
If Storage Cards are marked to be encrypted, then every single file on a storage card will be encrypted.
If Local Persistent folders are marked to be encrypted then every single file on local persistent folders will be encrypted.
Device Wipe with Secure Mobile
Secure Mobile provides the ability to set a security policy that forces a device wipe as a result of a “security compromise”. Secure Mobile can force a device wipe if:
· a user is locked out of the device after X failed login attempts;
· a user has not used the device for X days;
· a user has not connected the device to a PC for X days.
Secure Mobile does not currently provide the ability to immediately “remote wipe” a device. Secure Mobile can be set up to keep data on storage cards during a device wipe. A device wipe attempts to delete every file and registry entry (including the registry-held part of the file keys, so any surviving encrypted data is unrecoverable). The result is a device that cannot be used, because key system files and registry entries have been removed, and it must be factory reset (clean boot).
Recently the IT Pro publication released a new report on Big Data. Does it represent a big opportunity, or an even bigger problem, for your business?
You can download the report here: Download the report now
Join Microsoft and David Chappell, technology analyst and author, for exclusive insights on the adoption of enterprise cloud computing
Public cloud platforms are entering the mainstream. If you’re an IT leader, you need to have a clear view of what this technology offers and how it will impact your organisation.
Join an invited group of IT leaders in exploring the path to the cloud. Led by cloud computing thought leader David Chappell, Principal of Chappell & Associates in San Francisco, California, this session will provide an independent perspective on the topic, using Microsoft’s Windows Azure as an example.
Public clouds represent the next big platform decision you have to make. The goal of this conversation is to help you make better choices about why, when, and how your organization should embrace this significant shift in enterprise computing.
About David Chappell (homepage)
David Chappell is Principal of Chappell & Associates in San Francisco, California. David has been the keynote speaker for more than a hundred conferences and events on five continents. His books have been published in a dozen languages and used regularly in courses at MIT, ETH Zurich, and many other universities. David has also been a Series Editor for Addison-Wesley and a columnist for several publications. David's comments have appeared in The New York Times, CNN.com, and many other publications.
Agenda:
· Arrival, Breakfast & Coffee
· 08:30 - 11:00: David Chappell Keynote: Choosing your next Cloud Platform
· 11:00 - 12:00: Real life stories of cloud adoption and discussion
· Close and Networking
The topics he’ll cover include:
You can register here, or by telephone on 0870 166 6670 quoting event reference 1914.
We hope to see you.