Are You and Your IT Staff on The Same Page?
For business leaders to make sound decisions related to ITsecurity, they need clear, timely information that maps to business goals.
Unfortunately, many IT professionals could do better in communicatingwith executives, according to a recent study conductedby the Ponemon Institute for the IT security firm Tripwire.
Posted by Jacqueline Beauchere, Chief Online Safety Officer, Trustworthy Computing, Microsoft
When I officially assumed my new role this spring, I began a “listening tour” with the goal of further shaping Microsoft’s impact in helping to create safer, more trusted online experiences for individuals and families. I’ve spoken with—actually interviewed—dozens of influential people both inside and outside Microsoft, in the U.S. and around the world, who have chosen to make Internet safety their life’s work. Eighty-five conversations later (and counting), I’ve been gathering perspectives as to the current state of global online safety, the evolving risk-landscape, current hot topics, and where we may be headed next.
In this first of a two-part blog, I’d like to share some of those themes, including insightful reflections from my interviewees, as well as offer a few thoughts about the discipline of online safety at Microsoft.
One place to start is with a definition. When I asked experts how they define online safety, I was often met with quizzical stares or silence on the other end of the telephone line. Indeed, people who focus on online safety, or have even a portion of it as part of their day-job, know and understand what it means. But, to others, it might not be as clear. I often invoked the now-famous phrase coined by U.S. Supreme Court Justice Potter Stewart, who in 1964 was attempting to define a threshold for obscenity: We, in online safety, “know it when (we) see it.” But, to actually articulate some strictures for the field proved somewhat more challenging.
Posted by Adrienne Hall, general manager, Trustworthy Computing
As cloud computing begins to mature, organizations are looking at ways to understand the opportunities and assess their own current IT environment with regard to security, privacy and reliability practices, policies and compliance. To help organizations make informed security decisions and evaluate IT readiness for moving assets to the cloud, I recommend two resources:
First, the Cloud Security Alliance’s Security Guidance for Critical Areas of Focus in Cloud Computing guidance provides enterprises with a set of best security practices based on 14 domains involved in governing or operating the cloud. The domains align with industry standards and best practices and are written to emphasize security, stability and privacy. The CSA recommends that organizations adopt a risk-based approach to moving to the cloud and selecting security options. Their approach can help IT leaders make more informed security decisions and help reduce risk when adopting the cloud.Last fall I announced Microsoft’s new free Cloud Security Readiness Tool, which builds on CSA’s Cloud Controls Matrix (CCM). The tool provides organizations with a solid baseline into their current security, privacy and reliability practices, understand relevant regulations, and determine their readiness for cloud adoption. The tool offers a short survey and custom report to better understand systems, processes, policies and practices and evaluate how to improve your current IT state. Technical business leaders can evaluate cloud services against critical areas and compliance within common industry standards.
Posted by Adrienne Hall, general manager, Trustworthy ComputingLast week Microsoft announced three new bounty programs that encourage the security research community to report vulnerabilities in our latest browser. The concept of bounty programs is not new. Our approach is simple – we believe in building smart engagements with the security research community to create meaningful impact across the IT ecosystem. Recent news stories highlight the novel approach and explain how the new bounty programs bring more minds to the table.
All our new bounty programs are designed to work together: • Mitigation Bypass Bounty – Microsoft will pay up to $100,000 USD for truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview). • BlueHat Bonus for Defense – Microsoft will pay up to $50,000 USD for defensive ideas that accompany a qualifying Mitigation Bypass Bounty submission. • IE11 Preview Bug Bounty – Microsoft will pay up to $11,000 USD for critical-class vulnerabilities that affect IE11 Preview on Windows 8.1 Preview. This includes security bugs with privacy implications.
Post by Kim Sanchez, director, Trustworthy Computing Communications Online Safety
With constant access to Internet-enabled devices, we explore, learn, conduct business, and connect in new ways every day. From supporting important issues on our Facebook feeds and making disaster relief donations through Twitter, to posting captivating moments on Instagram, social media is becoming more prevalent in our daily lives. So it’s no surprise that individuals and families are looking for guidance on ways to have the best experiences online. This is evident as the Microsoft Safer Online Facebook page recently reached its million-fan milestone. We believe it’s a shared responsibility to help educate our global community about the tools and resources we offer through the online channels where we discover and interact.
Posted by Adrienne Hall, general manager, Trustworthy ComputingIf you’ve been following the TwC Blog this week you’ll have read about a blind study we commissioned to compare the way that small to midsized businesses (SMB) in France, the U.K., the U.S. and Germany perceive the cloud in terms of security, privacy and reliability. These answers were then compared with the real experiences of SMBs that already use a cloud service. This study has also reinforced a number of things to me, one of them being that gaps are likely to exist between perception and reality; and this dynamic is not unique to technology decisions. Still, people can change their point of view and regularly do. When I think of Munich where our German results are releasing, I think of the world-renowned beer culture and Oktoberfest, which is celebrating its 203rd anniversary this year. The reality is that there are also numerous excellent restaurants ready with fine German Eisweins (Icewines) and Rieslings, providing a ready alternative in social settings. These days numerous Michelin restaurants co-exist with beer halls all inside the old walled city, providing a number of choices for a wide range of visitors. There’s much more to Munich’s liquid choices than I originally thought.
Posted by Adrienne Hall, general manager, Trustworthy ComputingYesterday I shared some details of a study with U.S. and U.K. small and midsize businesses (SMB) about differences between perception and reality when it comes to security, privacy and reliability in the cloud. We asked SMBs that use an on-premise set up about their perceptions of the cloud and compared their responses to those SMBs using a cloud service.Today I’m pleased to share the study findings for SMBs in France. As with businesses in the U.S. and the U.K., similarly sized companies in France also had views prior to adopting a cloud solution that differed from their cloud using counterparts. Not surprising – I’ve yet to meet a person without a pre-set view on something – and I’m not absent, as well, on this front.
Posted by Adrienne Hall, general manager, Trustworthy ComputingI have some pre-conceived notions. Based on my own travel experiences over the years, I’ve had the view that Seattle’s June weather is consistently colder than London’s. Not so according to a side by side comparison on weather.com, which shows Seattle at an average 1 degree F higher than London over a twelve-month timeframe. This isn’t a big difference, but tells me that my own less scientific point of view was off-base. To the extent that perception does equal reality when there isn’t evidence to the contrary, new information is always valuable. Earlier I shared results of a study with small to midsized businesses (SMB) about the difference between perception and reality when it comes to the security, privacy and reliability of the cloud. In that post, I reported that U.S. SMBs using the cloud appear to be realizing benefits their counterparts still using an on-premise set up, are not.
I’m now here in London to release the small to mid-sized business Cloud Trust Study results for the U.K. SMB cloud users in the U.K. are realizing similar benefits. Fewer internal IT resources needed (58%) and time saved managing IT (49%) were considered the biggest benefits of cloud services. Also, 94% of U.K. SMBs have experienced security benefits in the cloud they didn’t have with their on-premises service, such as up-to-date systems, up-to-date antivirus protection and spam email management.
This week I’m in Europe to share the results of a blind study that we commissioned with comScore to get a pulse on what small to mid-sized businesses (SMB) think about these topics in relation to cloud computing.
The study divided SMB respondents in France, Germany, the U.K. and the U.S. into two categories. The first category were businesses that have “on-premise” computing solutions, and we asked them what they thought of the cloud in terms of security, privacy and reliability. The second group were businesses that have adopted a cloud service, and we asked them the same questions. comScore didn’t ask participants using the cloud for information about the service offering or the service provider so that we could learn about cloud experiences generally and avoid focusing on any specific vendor’s offering or capability; including our own. This also allowed us to look for topical trends, independent of similarities or differences between vendor offerings.
Over the past five years we’ve seen many organizations benefit from their investments in cloud services. A number of factors continue to stimulate this momentum, including cost benefits, the ability to alter capacity quickly, and time back to focus on other areas of their businesses.
These return on investment categories are very important. However, there is one topic –security in the cloud – that is often regarded by some as a barrier to adoption. People also question the privacy and reliability of cloud services. Despite this, there are plenty of reports and studies that offer compelling information about the cloud delivering a trusted and dependable state for businesses – one that is positively contributing to their business success.
With the various cloud pros and cons floating around, we set out to cut through the clutter – to help companies in the evaluation and decision-making stages. Microsoft Trustworthy Computing recently commissioned a cloud trust study conducted by independent company comScore Inc. that focused on small and midsize businesses (SMBs) in the U.S, U.K., France and Germany. The study surveyed cloud users and non-cloud users and it was conducted blind — respondents were not aware of Microsoft Corp.’s connection with the research. Respondents were not qualified in terms of the cloud vendor, products or services they use.
The study had two goals:o To better understand the cloud’s benefits relating to improved security, privacy and enhanced service reliability; better time management; and cost savingso To better understand perceptions about security, privacy and reliability that act as barriers to cloud adoption
For the purpose of the research, we defined cloud users as companies using a subscription model service. For example: data storage, email or calendar and customer relationship management services.
We found some startling contradictions between the views of people that have adopted a cloud service and those that have not. As it turns out, security – in addition to some other benefits – is delivering a silver lining.