Get both sides of the shadow IT story

There are a number of reasons why employees use non-approved SaaS applications, and there are very good reasons IT wants to limit it. To reach a point where both sides are working together, it’s important to understand both perspectives. Through the business lens: Employees look to drive results first. Organizations are in very competitive environments with demanding business objectives and far-reaching goals. Employees are under intense pressure to deliver results …

How to solve the diversity problem in security

This post is authored by Ann Johnson, Vice President, Enterprise Cybersecurity Group. I was in the midst of composing this blog on diversity in cybersecurity when a Fortune article on Women in Cybersecurity found its way to my LinkedIn feed. It was promoted to me by a man I know and respect. As I reflected on the content of this piece in the context of my post, a key detail …

Future-proofing principles against technological change

In recent years, governments’ concerns about cybersecurity, data protection, and other information and communications technology (ICT) related issues have led to new policies, legislation, and regulation. In response, the ICT industry has consistently called for laws and rules that focus on outcomes and on principles, rather than on processes and prescriptions. This call has become so ubiquitous, however, that there is a danger it has become a hollow form of …

Giving CISOs assurance in the cloud

Recently, I hosted a Chief Information Security Officer roundtable in Washington, DC. Executives from several US government agencies and systems integrators attended to share cloud security concerns and challenges, such as balancing collaboration and productivity against data protection needs, cyber threat detection, and compliance.

3 ways to outsmart attackers by using their own playbook

This blog post was authored by Andrej Budja, Frank Brinkmann, Heath Aubin, Jon Sabberton and Jörg Finkeisen from the Cybersecurity Protection Team, part of the Enterprise Cybersecurity Group. The security landscape has changed. Attackers often know more about the target network and all the ways they can compromise an organization than the targeted organization itself. As John Lambert writes in his blog, “Defenders think in lists. Attackers think in graphs. …

What’s new in the Windows Defender ATP Creators Update preview

This blog is authored by Avi Sagiv, Principal Program Manager, Windows Defender ATP. Security is top of mind for all our customers. At Microsoft, we’re building a platform that looks holistically across all the critical end-points of today’s cloud and mobile world. Our platform investments across identity, applications, data, devices, and infrastructure take a comprehensive approach that is inclusive of the technologies our customers are using. As we continue to invest …

What’s new in Microsoft’s SDL

This post is authored by Andrew Marshall, Principal Security Program Manager, Security Engineering. For well over a decade, Microsoft has been committed to designing, developing, and testing software in a secure and trustworthy manner and sharing the Security Development Lifecycle (SDL) methodology and resources with the software development community. We are continuing to make investments into the evolution of the SDL and resources we provide to enable the ecosystem to adapt …