Our approach to security spans both technological and social aspects. To us, security is helping to ensure that information and data are safe and confidential. We are making considerable investments to increase the security of our technology and to provide implementation guides and training based on industry best practices.
At the same time, security is an industry-wide issue. We take a leadership position in the technology industry toward minimizing the impact of malicious computer use.
Three core elements guide our work and focus: Fundamentals, Threat and Vulnerability Mitigation, and Identity and Access Control.
Our focus on fundamentals is making the platform inherently safer. As part of this initiative Microsoft has trained its developers, testers, and program managers in how to develop more secure code, putting in place a process for developing secure code called the Security Development Lifecycle (SDL). Microsoft holds its engineering teams accountable for the security of the code they deliver.
Another key area is enhancing the process and tools used in updating customer software. Microsoft has been and will continue to work hard to make the updating process more manageable by making it predictable, improving the quality of updates, and investing in better tools and product enhancements to make it easier.
Threat and Vulnerability Mitigation
Microsoft strives to provide a comprehensive and integrated portfolio of software and technologies that suit the needs of all customers by providing the following benefits:
Central visibility and control of risk
Reduced exposure to threats through leading technologies and a defense-in-depth approach
Seamless integration with existing IT systems and within the security portfolio
Our approach will also reduce an organization's exposure to attacks, through best-of-breed threat protection, detection, and removal. Data collected using various feedback mechanisms combined with a global multi-vendor research effort will enable fast discovery of protection against new threats.
Identity and Access Control
Tackling this challenging aspect of security is another important layer of Microsoft's in-depth approach to defense. It has three parts:
Access Policy Management
Microsoft is focusing on innovation and integration in this area to help ensure that users are trustworthy, to help manage policy that dictates what resources those users can access, and to help protect information for its lifetime, wherever it is stored.