The security of our customers' computers and networks is a top priority. We are committed to building software and services that help protect our customers and the industry. Our approach to security includes both technological and social aspects, and we strive to ensure that information and data are safe and confidential. Drawing on industry best practices, we make investments to increase the security of our technologies and to provide guidance and training to help minimize the impact of malicious software.
Three core elements guide the work and focus of security: Fundamentals, Threat and Vulnerability Mitigation, and Identity and Access Control.
We focus on making online activities, software, and services safer. As part of Trustworthy Computing, Microsoft has trained its developers, testers, and program managers to build more secure software code, following an approach called the Security Development Lifecycle (SDL).
Another fundamental focus is enhancing the processes and tools used in updating customer software. Microsoft works hard to make the updating process more manageable by making it predictable, improving the quality of updates, and investing in effective tools and product enhancements to make it easier.
Threat and Vulnerability Mitigation
Microsoft strives to provide a comprehensive and integrated portfolio of software and technologies that suit the needs of all customers by providing the following benefits:
Central visibility and control of risk
Reduced exposure to threats through leading technologies and a defense-in-depth approach
Seamless integration with existing IT systems and within the security portfolio
Our approach also helps reduce an organization's exposure to attacks, through best-of-breed threat protection, detection, and removal. Data that is collected using various feedback mechanisms combined with global multi-vendor research and collaboration helps promote fast discovery of protection against new threats.
Identity and Access Control
Tackling this challenging aspect of security is another important layer of Microsoft's in-depth approach to defense. It has three parts:
Access Policy Management
Microsoft is focusing on innovation and integration in this area to help ensure that users are trustworthy, to help manage policy that dictates what resources each user can access, and to help protect information permanently, wherever it is stored.