Security in a Cloud-Enabled World: Free Microsoft Virtual Academy course

Recently Mark Simos, an Architect on our cybersecurity team, and I recorded an 8 module course on cloud security. If you are evaluating cloud services for use by your organization or already managing IT assets in a public or hybrid cloud, or just want to learn more about how the cloud helps customers manage cybersecurity threats, this course is for you. Mark does a great job of providing insights that … Read more »

Cloud security controls series: Penetration Testing, Red Teaming, & Forensics

Some topics that I get asked about by customers frequently include whether they can do penetration testing on Microsoft cloud services, whether Microsoft does its own penetration tests, and how the cloud impacts customers’ ability to perform forensic investigations on systems they have in the cloud. I thought I’d cover all three of these topics in one article in our series on cloud security controls. Microsoft Enterprise Cloud Red Teaming … Read more »

Cloud security controls series: OneDrive for Business

One of the Microsoft cloud services that I get asked about most often is OneDrive for Business. It’s part of Office 365 – so many, many customers are already using this service. OneDrive for Business can help ensure that business files for organizations’ users are stored in a central location making it easy for users to search, share and collaborate on documents using a range of devices including Windows and … Read more »

Cloud security controls series: Rights Management

I talk to a lot of executives about various security topics. These days, when I talk to senior executives about leveraging cloud computing in their organization, the conversation they want to have tends to start with Rights Management and Rights Management Services (RMS). Top of mind for them is protecting their organization’s sensitive information from unauthorized access and exercising some control on how information is used within their organization and … Read more »

Cloud security controls series: Encrypting Data at Rest

In the last article I wrote in this series on cloud security controls I discussed controls that help protect data while its in-transit between Microsoft’s cloud services and our cloud service customers. Many of the customers I talk to are also interested in understanding the controls that are available to help manage the security of data stored and processed in Microsoft’s cloud services. There are many controls available that help … Read more »

Cloud security controls series: Azure AD Privileged Identity Management

Securely managing access to privileged accounts has been a challenge for many of the CISOs I talk to. Many of these CISOs worry that their organizations have too many permanent accounts with high levels of privilege in their environments. Some examples of the threats that keep these people up at night include malicious or rogue administrators, administrator credentials leaked via phishing attacks, administrator credentials cached on compromised systems, user accounts … Read more »

Cloud security controls series: Azure Active Directory‘s Access and Usage Reports

Over the past several months I have had many, many conversations with business customers and governments about the security benefits of Microsoft’s Cloud service offerings. This video from the RSA Conference earlier this year will give you an idea of the types of topics we have been discussing with customers. These conversations have increasingly become less about whether the Cloud can be trusted, and more about the innovative security and … Read more »

A cornerstone to trust in technology – compliance – proves foundational as more U.S. government organizations adopt cloud services

Government agencies want the economic benefits of cloud computing, but this alone isn’t always enough to make the case for change. To move forward, decision makers want to understand the security, privacy and compliance commitments of their cloud service provider. We continue to track and complete a number of attestations and compliance certifications, confirming controls are in place that help enable cloud solutions for government organizations. And, while compliance represents … Read more »

Cloud computing and government: an evolving partnership

Since 2010 at least fifty governments have published strategies or initiatives that focus on cloud computing, with the trend accelerating in the last year. This growing focus on cloud adoption demonstrates that governments, like businesses, have a keen interest in realizing the benefits of cloud computing – often not just for the public sector, but their countries as a whole. By using cloud services, governments can achieve far greater computing … Read more »

Groundbreaking project assesses public cloud for a more resilient Estonia

Cloud computing is increasingly inspiring organizations to rethink how they use IT to accomplish their goals. Around the world, we see cloud service adoption unlocking speed, scale, and economic benefits. Governments are taking note and following suit; Microsoft is helping them to use cloud services to create scalable, interactive citizen portals, collaborate more easily, deliver volumes of data to citizens all while reducing costs and ensuring the security, resilience and … Read more »