Want to know how Microsoft does IT? IT Showcase is a preferred source of information technology expertise, straight from the top subject matter experts at Microsoft.
How Microsoft does IT
  • Top Trends
    Cybersecurity & Privacy
    Microsoft IT is committed to ensuring that the company's information and services are protected, secured, and available for appropriate use through innovation and a robust risk framework. Across IT and throughout Microsoft, we are continually evolving the security strategy and taking actions to protect our assets and the data of our customers.
    The Opportunity

    The world is digitally connected with a growing reliance on technology in our personal and professional lives.

    This connectedness represents an immense opportunity for Microsoft to deliver value to our customers by leveraging the digital transformation that is happening across mobile, social and cloud technologies.

    However, with cybersecurity making headlines more frequently, it's clear to see how any disruption has broad impact both for the affected businesses and their customers. These current events have also raised awareness for companies and individuals about the vulnerability of their data. As a result, customers have a new level of expectation about the security and privacy of the products and services they use - and businesses have an obligation to meet or exceed these customer expectations.
    Why security matters

    As this state of digital connectivity accelerates, there is a corresponding growth in cybersecurity risk. With each new device, online account or application, people are increasing the complexity and scope of their digital footprint and potential exposure. Navigating today’s technology landscape successfully requires more rigorous security controls and policies within the enterprise to manage the vulnerabilities that this complexity creates. The new value generated in today’s digital world can be quickly diminished as a result of a single, cybersecurity incident – whether malicious or unintentional.

    Median number of days groups were present on a victim’s network before detection
    Impact of cyber- attacks could be as much as $3 trillion in lost productivity and growth1
    Security incidents detected climbed to 42.8 million in 2014, an increase of 48% over 20132
    1. MTrends: Beyond the Breach, 2014 Threat Report Mandiant, A FireEye Company. 2014
    2. Managing cyber risks in an interconnected world. Key findings from The Global State of Information Security Survey 2015, pwc, September 30, 2014.
    Our approach to security
    Microsoft IT works across the company to detect threats, protect our data, and respond effectively. We are proactive in protecting credentials from theft and safeguarding our resources from compromise. The goal of Microsoft IT is to protect the company's corporate network and assets by mapping to our Core Protection Principles:

    • 1
        Protect customer data
    • 2
        Ensure the integrity of our devices
    • 3
        Protect the supply chain
    • 4
        Protect our intellectual property
    • What we have learned

      Cybersecurity strategy

      As Microsoft operates in a mobile-first, cloud-first world, we must be informed risk-takers. We must continue to move faster and be more agile to support the industry-leading products and services that the company creates. This means we have to produce cybersecurity solutions that defend our business from attack, while enabling the company’s future success. Microsoft IT addresses cyber-threats through a three-pronged strategy: protection, detection, and response. Microsoft IT continually re-evaluates its security posture, deploying additional people, processes, and technology as necessary to help prevent unauthorized access to the company’s networks.
    • What we have learned

      Don’t overlook hygiene

      Protection is all about hygiene, including the operationalization of security patching in the enterprise. IT organizations that make hygiene a top priority can deflect approximately 90% of the broad, generalist cyber-attacks.* Mitigating these vulnerabilities first is a security best practice. For Microsoft IT, this means ensuring that OS and database patching occurs on 30,000 servers each month.

      * Verizon Data Breach Investigations Report, 2013
    • What we have learned

      Threat intelligence is a lifecycle

      The threat intelligence lifecycle is used to provide a simple and repeatable security intelligence reporting framework. Microsoft IT combines data that we know about our internal environment with threat intelligence data we obtain from internal and third-party sources. This data allows us to provide application owners with a holistic view of the risks associated with their applications.
    • What we have learned

      Devices help drive productivity

      Many IT organizations only think about fully-managed and unmanaged devices, but we see a third category: lightly-managed or trusted devices. We still apply management and hygiene to these devices, and use analytics to demonstrate a device can be trusted, but more management responsibility shifts to the user. Microsoft employees have the option of choosing their primary device from our ever-expanding standard device list, and they can bring their own secondary device if they wish.
    • What we have learned

      Drive better end user behavior

      The actions of our employees are more important to security than ever. We seek to monitor and understand how they behave, and look to shape their behavior now and in the future. We use big data analytics to monitor behavior in aggregate in order to create a safer, more protected environment at the user level, centered on awareness and education.
    • What we have learned

      Cloud is a business enabler

      Adoption of cloud infrastructure and productivity applications requires risk assessments that are aligned with organizational auditors, and technical architecture review. In addition, a chief information security officer (CISO) and their team must consider business enablement aspects. Cloud computing has allowed us to build better business resiliency plans, more rapidly meet changing business models, and enable new revenue streams. Today, our CIO is comfortable with 93% of the company’s line-of-business applications moving to the cloud.
    Our ambition

    "It is no longer a matter of if your company will be compromised by bad actors, but rather when and how. With this mindset, the idea of maintaining a tight perimeter around the environment isn't practical if we are to remain competitive; we must innovate and drive industry best practices to ensure the security of our data, assets and services."

    Bret Arsenault, Chief Information Security Officer
    Featured Content
    Apr 20, 2016 |
    Microsoft IT created a solution to manage the risk of sharing sensitive data, while still promoting collaboration in Office 365. Power BI dashboards give insight into how Microsoft corporate users share information. This solution detects sensitive data sharing and helps Microsoft IT proactively manage and respond to information security risks.
    May 24, 2016 |
    Microsoft IT helps ensure that business applications are always available and safeguards data in case of disaster. To take advantage of new cloud technologies, we used a business-oriented strategy to identify critical business processes to evolve the existing business continuity and disaster recovery plan. We also took advantage of new Azure technologies such as System Center Data Protection Manager and SQL Data Sync to improve application resilience and performance in the cloud.
    Jun 30, 2016 |
    BitLocker Drive Encryption technology in Windows 10 uses the strongest publicly available encryption to help protect your computer’s data by preventing others from accessing your disk drives without authorization. Additionally, BitLocker To Go helps prevent unauthorized access on your portable storage devices, including USB flash drives. Learn how to enable and suspend BitLocker, retrieve a BitLocker recovery key, or encrypt portable drives with BitLocker To Go.

Contact us

Engage directly with Microsoft IT subject matter experts and get best practices, insights and answers.

Get in contact  >

About us

Find out what Microsoft IT Showcase is all about and how our experiences can provide value to your organization.

Learn more  >


Share on Facebook

New to Facebook?
Get instant updates from your friends, industry experts, favorite celebrities, and what's happening around the world.

Share a link with your followers

New to Twitter?
Get instant updates from your friends, industry experts, favorite celebrities, and what's happening around the world.

Share on LinkedIn

New to LinkedIn?
Get instant updates from your friends, industry experts, favorite celebrities, and what's happening around the world.