By Adrienne Hall, General Manager, Trustworthy Computing
I remember receiving a call approximately four years ago, asking if Microsoft would be interested in sponsoring a new industry association focused on the burgeoning cloud computing market. At the time, many people had not yet heard the term “cloud computing”, and I recall hearing suggestions that this was merely an existing concept getting a new name.
Microsoft has long been a supporter of industry associations and, once we took a look at what the Cloud Security Alliance (CSA) was trying to accomplish, we signed on as a corporate sponsor. The CSA has been a consistent advocate for trust in the cloud and has helped raise awareness of the requests and requirements from customers moving to cloud services – whether they be private, hybrid solutions, or running in a public cloud. The CSA also provides valuable resources to help customers evaluate cloud providers’ ability to address their security needs, such as the Security, Trust & Assurance Registry (STAR).
It is a pleasure for me to now join the CSA board of directors, and I look forward to engaging in a new capacity as the Alliance moves forward. See more >>
By Tim Rains, Director, Trustworthy Computing
I want to draw your attention to a type of malicious software that has been emerging in increasing numbers in several parts of the world. “Ransomware” is a type of malware that is designed to render a computer or its files unusable until a ransom is paid to the attackers. Ransomware often masquerades as an official-looking warning from a well-known law enforcement agency, such as the U.S. Federal Bureau of Investigation (FBI) or the Metropolitan Police Service of London.
It’s important for small and medium sized businesses to be aware of this type of threat and take precautions to defend themselves from it, because if attackers successfully lock the business out of their systems or encrypt their files, it could have a devastating impact on their business. The good news is that it is fairly easy to help protect yourself from this type of threat. See more >>
Posted by TwC StaffIf you are a regular reader of this blog, you know about many of the ways Microsoft works to improve security in our own products and services, as well as the broader technology industry.
Today, I’m pleased to share an update on another important security offering, the Enhanced Mitigation Experience Toolkit (EMET). EMET helps prevent attackers from gaining access to computers, works well in the enterprise, and protects across a wide range of scenarios. See more >>
Posted by TwC Staff
Microsoft recently released volume 15 of the Microsoft Security Intelligence Report (SIR) (download PDF), with insights on security vulnerabilities, exploit activity, malware and potentially unwanted software, spam, phishing, malicious websites, and security trends worldwide.
Threat awareness can help you protect your organization, software, and people, and the SIR is a great source of data to build that awareness. See more >>
By Mike Reavey, General Manager, Trustworthy Computing
Today, at the RSA Conference Europe in Amsterdam, I gave a presentation on an important update to Microsoft’s security efforts – Operational Security Assurance (OSA). The design of a secure operations methodology is part of our ongoing commitment to enable trustworthy computing in all aspects of our online services, and OSA represents the next evolution of these efforts.
Since 2004, the Microsoft Security Development Lifecycle (SDL) has helped developers to build more secure software from the ground up. But the job doesn’t end there. Attacks do not necessarily target weaknesses in software. Some attacks are operational in nature, while others, like the Flame malware, target both software vulnerabilities and operational weaknesses. Defending cloud services against network attacks requires both strong development practices, like SDL, and a strong operational security regime. The following list includes a number of ways that OSA adds considerable value to the focus on infrastructure issues and operational security.. Read more
By Trustworthy Computing Staff
Microsoft has a longstanding commitment to building technology that improves the lives of people of all ages and abilities. We’re proud of the work we do to provide trusted computing experiences for everyone.
Some of that work includes programs to reach people who may not have experienced our technology before, or may not have used it to its fullest extent. A recent example of this is Exergamers NYC, a public-private partnership in which Microsoft collaborated with New York City government agencies to help seniors benefit from using Kinect for XBOX 360 and Skype.
Together, we set up Exergaming programs at senior centers across the five boroughs of New York, enabling seniors to enjoy a fun workout like Zumba or virtual bowling without using complicated machines or heavy objects. Players can also watch their competitors at other locations and engage with them directly over Skype.
For more details on Exergamers, please see this blog post by Bonnie Kearney from our Accessibility team.
Tomorrow I will have the opportunity to keynote at the RSA Conference Europe and discuss the work I’ve been involved with overseeing Operational Security for Microsoft Online Services. This is a topic that I am deeply passionate about and as Microsoft’s investment in the OneMicrosoft initiative becomes a primary focus of my work in the coming years. Read more
By Jacqueline Beauchere, Chief Online Safety Officer, Microsoft
NCSA Board of Directors Vice Chair
Today, the phrase “cyber security” prompts conversations at both the kitchen table and the boardroom table. That’s noticeable progress, considering it’s been just 10 years since the National Cyber Security Alliance (NCSA) launched its first awareness month in October 2003—a 31-day effort designed to raise the public consciousness about the need for safer habits and practices online.
While a few things are clear—for instance, more people know what to do to help secure their computing devices and personal data, some risky behaviors persist that may still leave individuals vulnerable. As a result, the panelists agreed more can be done on the part of all participants—individual consumers, businesses, organizations, and government.
See more >>
Microsoft has been steadfastly committed to, and engaged in, the W3C's Tracking Protection Working Group’s efforts to define a Do Not Track standard. We believe DNT holds the potential to help people better manage their privacy online.
The Working Group chairs are currently asking members how and whether to proceed with DNT standards work. At the Microsoft on the Issues blog, Chief Privacy Officer Brendon Lynch shared our response, emphasizing that Microsoft supports continued work toward a final, meaningful DNT standard that will help build greater trust across the Internet ecosystem.
The second annual Cloud Security Alliance (CSA) EMEA Congress was held last month in Edinburgh, Scotland, where several hundred business leaders and security professionals participated in an interesting series of sessions and interactive demonstrations from 20+ cloud providers.
With more and more organizations moving from evaluating the cloud to actual deployment, it is not surprising that trust, transparency and compliance came up during this event. Cloud providers should be prepared to address questions in these areas.
I was invited to deliver a keynote presentation at the event, in which I outlined the investments Microsoft makes in three broad categories: 1) the development of secure cloud offerings; 2) datacenter security; and 3) incident response – communication to customers if and when the unexpected occurs.