Introducing the Microsoft Secure blog

For the past ten years on this blog we have shared Microsoft’s point of view on security, privacy, reliability, and trust. It has become the place to go for in-depth articles on Microsoft products and services, as well as tips and recommendations for improving security in your organization. Last November, Microsoft CEO Satya Nadella outlined our new approach to cybersecurity — one that leverages Microsoft’s unique perspective on threat intelligence, … Read more »

Security in a Cloud-Enabled World: Free Microsoft Virtual Academy course

Recently Mark Simos, an Architect on our cybersecurity team, and I recorded an 8 module course on cloud security. If you are evaluating cloud services for use by your organization or already managing IT assets in a public or hybrid cloud, or just want to learn more about how the cloud helps customers manage cybersecurity threats, this course is for you. Mark does a great job of providing insights that … Read more »

Cloud security controls series: Encrypting Data at Rest

In the last article I wrote in this series on cloud security controls I discussed controls that help protect data while its in-transit between Microsoft’s cloud services and our cloud service customers. Many of the customers I talk to are also interested in understanding the controls that are available to help manage the security of data stored and processed in Microsoft’s cloud services. There are many controls available that help … Read more »

A Week in The Hague: The Global Conference on Cyberspace (GCCS)

Cybersecurity experts from around the world recently gathered at the Global Conference on Cyberspace (GCCS) in The Hague. Over a thousand delegates from across the private sector, government and civil society attended the main conference, and many used the opportunity to promote practical cooperation in cyberspace, enhance capacity building and to discuss norms of state behavior in cyberspace. While such events are easily dismissed, I came away from the conference … Read more »

Cloud computing and government: understanding security and resiliency benefits

Around the world, governments are looking to cloud computing to help them meet their goals. On February 12, I published a blog post within which I highlighted that, in recent years, more than 50 governments have published strategies or initiatives that focus on cloud computing. As I described, their approaches to cloud adoption vary. However, certain government perspectives consistently emerge. For instance, many governments devote considerable space to articulating the benefits … Read more »

Microsoft partners with cities and governments to improve cybersecurity for citizens

City life is changing – there is no doubt about that. Unprecedented population shifts and extraordinary growth have impacted how urban populations live and work together. For city leaders, this rapid change has created not only unique challenges, but also significant opportunities. Many are looking to technologies like the Cloud and Internet of Things (IoT) devices to solve growing problems, and for good reason. The Cloud increases efficiency and simplifies … Read more »

The Importance of Effective Information Sharing

This week, I testified before the U.S. Senate Committee on Homeland Security and Governmental Affairs at a hearing on “Protecting America from Cyber Attacks: the Importance of Information Sharing.” It was good to see that the committee’s first hearing of the 114th Congress focuses on cybersecurity issues generally, and information sharing in particular, and I’d like to summarize the key points of my testimony. There is no doubt that cybersecurity is … Read more »

Putting Information Sharing into Context

Putting Information Sharing into Context: New Whitepaper Offers Framework for Risk Reduction The nearly incessant drumbeat of cybersecurity incidents over the past weeks and months has brought about renewed interested in information sharing across the technical and political spheres. For example, earlier this month the White House proposed legislation to encourage information sharing which President Obama also referred to in his State of the Union address. When it comes to … Read more »

Six Proposed Norms to Reduce Conflict in Cyberspace

Last month, my team launched a new white paper, “International Cybersecurity Norms, Reducing conflict in an Internet-dependent world” at the EastWest Institute’s 2014 Global Cyberspace Cooperation Summit in Berlin. In the paper we explained the unique cyber risks posed by nation states’ offensive activities, and how these risks could escalate – perhaps unintentionally – to catastrophic consequence. Our goal was to outline the risks faced by society, and propose six … Read more »

Navigating Security in the Age of the Breach at the Evanta CIO Executive Summit

Last month, I had the honor of moderating a panel of esteemed executives at the 2014 Evanta CIO Executive Summit in Chicago, Illinois. The topic for discussion was “Navigating Security in the Age of the Breach.” The panelists included Paul Martin, CVP & CIO Baxter International Inc., Preston Simons, VP, IT & CIO Abbott, and Marc Varner, CISO McDonald’s Corporation. The group discussed security strategies, Bring Your Own Device (BYOD) … Read more »