In Microsoft’s large and growing retail footprint, there will inevitably be losses, theft and the need for investigative services. Beyond this retail arm, Microsoft as a large global corporation is faced with the daily challenge of protecting its people and assets across many different and geographically dispersed locations. At Microsoft Global Security, we use a wide variety of technologies to support the requirements of these different business groups. To meet all of our directives, it is extremely important that our technology platforms not only provide flexibility in serving and supporting all of Global Security’s requirements, but are also able to meet our wider enterprise needs.
In 2010, Microsoft retail stores in several states were targeted by an organized crime group, suffering losses of more than $100,000. During the investigation of these crimes, case reports from various local police agencies reached double digits and our retail investigators linked over a dozen separate subjects to the group. To bring order to the investigation and optimize analysis of the data, it is important to have an easy way to track incidents, find commonalities for cross-jurisdictional cases, and easily share the information with law enforcement to better identify potential suspects.
The powerful, flexible and highly compatible software we utilize to keep track of incidents and investigations, and also provide real-time redundancy across our three Global Security Operations Centers (GSOCs), is Perspective by PPM. This end-to-end software solution responds to, reports on and analyzes enterprise security events, enabling our security team to easily collect reports, pass them to the right team, and track all issues until they are resolved.
To support thousands of Microsoft employees across the world, our GSOCs utilize Perspective by PPM to record actionable events, prioritize appropriate resources and dispatch first responders. During an incident, ongoing event recording is updated by the GSOC in real time as information is relayed by responders. After the incident is resolved, the data that was generated helps facilitate a thorough review of our response, helping to provide an after-action report.
Our Investigations team uses Perspective for both retail and corporate concerns, covering a wide range of issues from theft or loss of corporate assets to Threats of Violence (TOV). Once a report is made, the tool helps direct it to the right place and tracks its status. The report is then reviewed to determine the appropriate response, helping to correctly assign investigative action. This tracking puts all investigative activity into one comprehensive database for ongoing case management. Because of this, our team can intelligently action and query their data, enabling trend analysis and drawing insightful comparisons. With the ability to assess what’s happening and its potential impact, investigations and security leadership can make informed decisions that reduce risk through preventative measures.
Perspective has the capability to integrate with any application, making data sharing simple. This lets our team connect its data with our other GSOC applications, including IDV Solution’s Visual Command Center, giving us the ability to visualize Perspective incident data on a map and timeline. Microsoft’s GSOCs are designed for global workload sharing, allowing continuity of operations in virtually any event. Should one GSOC be sidelined by a major incident, Perspective’s integration capability makes it possible for another GSOC to immediately take its place.
By utilizing Perspective, Global Security has been able to greatly reduce the labor required for collecting incident data; more significantly, we have also reduced the number of incidents. For these reasons, it is an imperative part of our business continuity efforts.
So how was the 2010 organized retail crime investigation resolved? Our lead investigators provided data and analysis from Perspective to law enforcement, who then arrested the majority of the main suspects.