A Balancing Act

There are many types of risks that CIOs must address, including project risk, financial risk, and operational/security risk. To be successful, you must be clear about identifying your risks and ensure that you have a governance structure in place that allows you to prioritize the risks the business will accept and the risks you will mitigate. You can’t get risk to zero.

CIOs must understand the types of security risks they believe their organization is most likely to encounter. Unfortunately, many IT executives operate as if there were a canonical list of risks to resolve in order to secure an organization. There is no single answer that protects every enterprise. For most, the rational way to apply resources is to strike a balance between security hygiene and defending against advanced threats. The appropriate actions to take depend on your industry, your company, and your position.

Microsoft IT constantly reviews its security policies and processes, evolving as needed to best respond to new developments. Three of the security initiatives Microsoft IT launched in 2013 are featured on the right.

The Microsoft Security Governance Council

Representatives from Microsoft stakeholder organizations unite to focus on broad security initiatives.


Visitors at Microsoft headquarters each year

BYO Everything

A strategy to support employee use of Windows and non-Windows personal devices.

Business Resilience Using the Cloud

Read how Microsoft IT used the resiliency of cloud computing in its datacenter.

Cyber Threats

We’re enhancing security event-data collection and analysis using Microsoft’s Big Data platform.


The Microsoft Security Governance

Microsoft IT chairs the security governance council along with three other core members. They, together with representatives from other stakeholder organizations, focus on the broad initiatives in the center of the diagram.