Microsoft Secure – Protecting from Evolving Security Threats Part 3

Cloud computing, mobile devices, the internet of things (IoT) and the increasing digitization of information in a hybrid computing environment present new challenges to securing data in what was once an on-premises-only environment. Adding to the challenge is the fact that the average time between breach and detection is typically over 170 days, per the Ponemon Institute. This can leave government agencies vulnerable to compromising highly sensitive information, potentially paralyzing services and costing millions in lost productivity. With threats evolving and the reality that all the protection in the world can’t stop a determined hacker, our federal government must be vigilant in protecting our country’s data and information from malicious attacks, such as the recent WannaCrypt attack.

The significance of addressing security also was emphasized in the recent Presidential Executive Order that is requiring all agencies to meet and document compliance with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) within a limited window of time. Today, we released an Azure Blueprint Customer Responsibilities Matrix (CRM) for the NIST CSF. The Matrix explicitly identifies the NIST CSF controls where an agency customer holds responsibility for control implementation. The CRM also provides detail on controls that Microsoft Azure implements on the customer’s behalf and how Azure Government meets the NIST CSF requirements.

At Microsoft, we are committed to helping our customers comply with the NIST CSF in our government cloud and on-premise solutions. In the new world we live in, the security paradigm has changed to an approach where:

Against this backdrop, we continue to focus on helping customers—especially government agencies—implement initiatives to protect, detect and respond to breaches.

Holistic, cloud-based protection

To help thwart attacks, we have found that a holistic, end-to-end approach is needed, with hardware, infrastructure and applications protected through the latest threat intelligence that only cloud computing can provide. The May 11 executive order makes migrating to shared services and the cloud priorities for IT modernization and cybersecurity efforts.

Our Azure Government cloud platform serves nearly 6 million government users across 7,000-plus federal, state and local organizations. Microsoft is committed to delivering secure, compliant cloud offerings and meeting the most stringent requirements specific to government agencies. For example:

Cybersecurity and infrastructure leadership

Just recently, I wrote about the U.S. Department of Veterans Affairs giving veterans access to healthcare information that is both clear and easy to understand through Access to Care, a new online tool powered by Azure Government and SQL Server technology. This is just one example of how our government shared-services cloud platform is enabling better support while helping to ensure security and compliance.

Microsoft also is using data science, machine learning, automation, behavioral analysis and expert threat researchers to forge the next generation of security solutions. Our Intelligent Security Graph (ISG) is informed by trillions of pieces of data from billions of devices we receive across our endpoints, consumer services, commercial services and on-premises technologies. This unique intelligence is built into our products and solutions to give customers visibility and insights into potential compromises. Our cybersecurity experts in the Digital Crimes Unit and the Cyber Defense Operation Center monitor all this information to identify real threats. This combination of artificial intelligence, machine learning and human vigilance equals holistic protection.

In addition to this post, you can learn more about our cybersecurity efforts at our Microsoft Secure site, by downloading our new white paper on The Evolution of Malware Prevention and in our ongoing “Microsoft Secure – Protecting from Evolving Security Threats” blog series: