Rise in severe vulnerabilities highlights importance of software updates

In the context of computer security, vulnerabilities are weaknesses in software that could allow an attacker to compromise the integrity, availability, or confidentiality of either the software itself or the system it’s running on. Some of the worst vulnerabilities allow attackers to exploit the compromised system by causing it to run malicious code without the user’s knowledge. The effects of this can range from the annoying (experiencing unwanted pop-up ads) … Read more »

Managing cloud security: Four key questions to evaluate your security position

As cloud computing and the Internet of Things (IoT) continue to transform the global economy, businesses recognize that securing enterprise data must be viewed as an ongoing process. Securing the ever-expanding volume, variety, and sources of data is not easy; however, with an adaptive mindset, you can achieve persistent and effective cloud security. The first step is knowing the key risk areas in cloud computing and IoT processes and assessing … Read more »

Introducing the Microsoft Secure blog

For the past ten years on this blog we have shared Microsoft’s point of view on security, privacy, reliability, and trust. It has become the place to go for in-depth articles on Microsoft products and services, as well as tips and recommendations for improving security in your organization. Last November, Microsoft CEO Satya Nadella outlined our new approach to cybersecurity — one that leverages Microsoft’s unique perspective on threat intelligence, … Read more »

New Microsoft Azure Security Capabilities Now Available

In November, Microsoft CEO Satya Nadella outlined a new comprehensive, cross company approach to security for our mobile-first, cloud-first world. To support this approach, Microsoft invests more than a billion dollars in security research and development, every year. Today we are announcing the general availability of key security capabilities in the Microsoft Cloud, which are products of this research and development investment: Azure Security Center, Azure Active Directory Identity Protection, … Read more »

FedRAMP High: Trust is cloud security validated

The latest Government Office of Accountability report dealing with the security of high impact information technology (IT) systems continues to point out opportunities for improvement in cybersecurity across the US Federal Government. While improvements have been made, the persistence of the challenge is disquieting.  Particularly troubling is that many of the concerns result from long-standing and well known inefficiencies in the government’s current IT environment, such as low asset utilization, … Read more »

Connecting the dots to get ahead of your next security challenge

It is turbulent times we live in. The same technology that provides unprecedented global connections and productivity also provides hackers unprecedented surface area to commit headline-earning crimes. That’s why Microsoft is investing over $1 billion annually in security capabilities and connecting dots across the critical endpoints of today’s cloud and mobile world to help you keep up with security challenges. Join Ann Johnson and myself as we talk about the … Read more »

Microsoft’s unique perspective on cybersecurity

Being one of the more established companies in IT has its advantages. At Microsoft, we’ve seen IT management and the datacenter morph and change over time. Our technology has powered and protected some of the biggest and most complex systems in the world. And we’ve learned a thing or two from all this experience. We’re bringing our experiences together into a set of insights and ecosystem of partnerships to make … Read more »

Announcing Azure Information Protection

For most of the enterprise customers that I have talked with over the years, one of the most challenging aspects of data protection for their organization has been data classification. But the majority of these customers readily agree that data classification is key to effectively protecting their organization’s most important data and enabling their mobile and cloud security strategies. Microsoft has been working to help customers with this common challenge. … Read more »

Protect your data, yes. But can you detect a breach and respond effectively?

Rapid development in cloud and mobile technologies is enabling greater opportunities for businesses to connect and thrive globally. At the same time, though, the public drumbeat about data breaches, cyberwarfare, and state surveillance can make you question the wisdom of getting more connected. With great opportunity comes great risk, but the good news is business security strategies and technology solutions are rising to the challenge. Doing business in the era … Read more »

Microsoft’s Perspective on the Benefits, Challenges, and Potential Roles for Government in Fostering the Advancement of the Internet of Things (IoT)

Microsoft recently filed comments with the U.S. Department of Commerce and the National Telecommunications and Information Administration (NTIA) on the benefits, challenges, and potential roles for the government in fostering the advancement of IoT, which can be read here. In addition to commending NTIA for undertaking this timely public consultation and for providing comments received for public review, I wanted to summarize Microsoft’s policy perspectives and recommendations. Microsoft’s comments encourage … Read more »