A Single, Unified Trust Center for the Microsoft Cloud

Today we’re pleased to announce that we have created a single Microsoft Trust Center at www.microsoft.com/trustcenter, which unifies the trust centers of our enterprise cloud services—Microsoft Azure, Microsoft Dynamics CRM Online, Microsoft Intune, and Microsoft Office 365. Increasingly, our customers deploy multiple Microsoft cloud services, and many expressed a desire for a single point of reference for cloud trust resources. They have come to rely on the trust centers to … Read more »

New Microsoft Enterprise Cybersecurity Group to Provide Greater Security Capabilities

We’ve worked hard to earn our customers’ trust when it comes to making their data more secure and we recently announced some significant advances in this area. As part of that news, my team’s newly formed Enterprise Cybersecurity Group, provides a significant new cybersecurity asset to Microsoft commercial and public sector customers. Microsoft’s Enterprise Cybersecurity Group will deliver security solutions, expertise and services that will empower our customers to leverage … Read more »

Cloud security controls series: Managing “Shadow IT”

Some of the enterprise customers I have talked to, that are in the process of evaluating cloud services for use by their organization, have told me that they currently do not use cloud services. Some are adamant that no one within their organization is currently using the cloud, while others speculate that some business groups are undoubtedly using cloud apps unbeknownst to their IT department and without explicit organizational approval … Read more »

Transforming Government: Presenting a cloud policy framework for innovation, security, and resilience

Around the world, organizations big and small are moving to the cloud to achieve more, faster. Cloud computing is no longer considered solely a transformative new generation of technology but a platform to enable ever greater efficiencies, deliver big data analytics, and empower the Internet of Things. As KPMG recently put it: “The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in … Read more »

Historic High Infection Rates – The Threat Landscape in the Middle East

I have written about the threat landscape in the Middle East extensively over the years. It’s been about 18 months since I published my last article on this part of the world and malware infection rates in some locations in the region have since risen to historic highs – far above the highest malware infection rates ever published in the Microsoft Security Intelligence Report. So I thought I’d take a … Read more »

Security in a Cloud-Enabled World: Free Microsoft Virtual Academy course

Recently Mark Simos, an Architect on our cybersecurity team, and I recorded an 8 module course on cloud security. If you are evaluating cloud services for use by your organization or already managing IT assets in a public or hybrid cloud, or just want to learn more about how the cloud helps customers manage cybersecurity threats, this course is for you. Mark does a great job of providing insights that … Read more »

Cloud security controls series: Penetration Testing, Red Teaming, & Forensics

Some topics that I get asked about by customers frequently include whether they can do penetration testing on Microsoft cloud services, whether Microsoft does its own penetration tests, and how the cloud impacts customers’ ability to perform forensic investigations on systems they have in the cloud. I thought I’d cover all three of these topics in one article in our series on cloud security controls. Microsoft Enterprise Cloud Red Teaming … Read more »

What’s New with Microsoft Threat Modeling Tool 2016

Threat modeling is an invaluable part of the Security Development Lifecycle (SDL) process. We have discussed in the past how applying a structured approach to threat scenarios during the design phase of development helps teams more effectively and less expensively identify security vulnerabilities, determine risks from those threats, and establish appropriate mitigations. The Microsoft Threat Modeling Tool 2016 is a free tool to help you find threats in the design … Read more »

Cloud security controls series: OneDrive for Business

One of the Microsoft cloud services that I get asked about most often is OneDrive for Business. It’s part of Office 365 – so many, many customers are already using this service. OneDrive for Business can help ensure that business files for organizations’ users are stored in a central location making it easy for users to search, share and collaborate on documents using a range of devices including Windows and … Read more »

Cloud security controls series: Rights Management

I talk to a lot of executives about various security topics. These days, when I talk to senior executives about leveraging cloud computing in their organization, the conversation they want to have tends to start with Rights Management and Rights Management Services (RMS). Top of mind for them is protecting their organization’s sensitive information from unauthorized access and exercising some control on how information is used within their organization and … Read more »