Want to know how Microsoft does IT? IT Showcase is a preferred source of information technology expertise, straight from the top subject matter experts at Microsoft.
  • Top Trends
    Cybersecurity & Privacy
    Microsoft IT is committed to ensuring that the company's information and services are protected, secured, and available for appropriate use through innovation and a robust risk framework. Across IT and throughout Microsoft, we are continually evolving the security strategy and taking actions to protect our assets and the data of our customers.
    Security_one Img
    The Opportunity

    The world is digitally connected with a growing reliance on technology in our personal and professional lives.

    This connectedness represents an immense opportunity for Microsoft to deliver value to our customers by leveraging the digital transformation that is happening across mobile, social and cloud technologies.

    However, with cybersecurity making headlines more frequently, it's clear to see how any disruption has broad impact both for the affected businesses and their customers. These current events have also raised awareness for companies and individuals about the vulnerability of their data. As a result, customers have a new level of expectation about the security and privacy of the products and services they use - and businesses have an obligation to meet or exceed these customer expectations.
    Why_Security_Icon Img
    Why security matters

    As this state of digital connectivity accelerates, there is a corresponding growth in cybersecurity risk. With each new device, online account or application, people are increasing the complexity and scope of their digital footprint and potential exposure. Navigating today’s technology landscape successfully requires more rigorous security controls and policies within the enterprise to manage the vulnerabilities that this complexity creates. The new value generated in today’s digital world can be quickly diminished as a result of a single, cybersecurity incident – whether malicious or unintentional.

    Median number of days groups were present on a victim’s network before detection
    Impact of cyber- attacks could be as much as $3 trillion in lost productivity and growth1
    Security incidents detected climbed to 42.8 million in 2014, an increase of 48% over 20132
    1. MTrends: Beyond the Breach, 2014 Threat Report Mandiant, A FireEye Company. 2014
    2. Managing cyber risks in an interconnected world. Key findings from The Global State of Information Security Survey 2015, pwc, September 30, 2014.
    Security_Two Img
    Our approach to security
    Microsoft IT works across the company to detect threats, protect our data, and respond effectively. We are proactive in protecting credentials from theft and safeguarding our resources from compromise. The goal of Microsoft IT is to protect the company's corporate network and assets by mapping to our Core Protection Principles:

    • 1
        Protect customer data
    • 2
        Ensure the integrity of our devices
    • 3
        Protect the supply chain
    • 4
        Protect our intellectual property
    • What we have learned

      Cybersecurity strategy

      As Microsoft operates in a mobile-first, cloud-first world, we must be informed risk-takers. We must continue to move faster and be more agile to support the industry-leading products and services that the company creates. This means we have to produce cybersecurity solutions that defend our business from attack, while enabling the company’s future success. Microsoft IT addresses cyber-threats through a three-pronged strategy: protection, detection, and response. Microsoft IT continually re-evaluates its security posture, deploying additional people, processes, and technology as necessary to help prevent unauthorized access to the company’s networks.
      Slide_one Img
    • What we have learned

      Don’t overlook hygiene

      Protection is all about hygiene, including the operationalization of security patching in the enterprise. IT organizations that make hygiene a top priority can deflect approximately 90% of the broad, generalist cyber-attacks.* Mitigating these vulnerabilities first is a security best practice. For Microsoft IT, this means ensuring that OS and database patching occurs on 30,000 servers each month.

      * Verizon Data Breach Investigations Report, 2013
      Slide_Two Img
    • What we have learned

      Threat intelligence is a lifecycle

      The threat intelligence lifecycle is used to provide a simple and repeatable security intelligence reporting framework. Microsoft IT combines data that we know about our internal environment with threat intelligence data we obtain from internal and third-party sources. This data allows us to provide application owners with a holistic view of the risks associated with their applications.
      Slide_Three Img
    • What we have learned

      Devices help drive productivity

      Many IT organizations only think about fully-managed and unmanaged devices, but we see a third category: lightly-managed or trusted devices. We still apply management and hygiene to these devices, and use analytics to demonstrate a device can be trusted, but more management responsibility shifts to the user. Microsoft employees have the option of choosing their primary device from our ever-expanding standard device list, and they can bring their own secondary device if they wish.
      Slide_Four Img
    • What we have learned

      Drive better end user behavior

      The actions of our employees are more important to security than ever. We seek to monitor and understand how they behave, and look to shape their behavior now and in the future. We use big data analytics to monitor behavior in aggregate in order to create a safer, more protected environment at the user level, centered on awareness and education.
      Slide_Five Img
    • What we have learned

      Cloud is a business enabler

      Adoption of cloud infrastructure and productivity applications requires risk assessments that are aligned with organizational auditors, and technical architecture review. In addition, a chief information security officer (CISO) and their team must consider business enablement aspects. Cloud computing has allowed us to build better business resiliency plans, more rapidly meet changing business models, and enable new revenue streams. Today, our CIO is comfortable with 93% of the company’s line-of-business applications moving to the cloud.
      Slide_Six Img
    Security_Three Img
    Our ambition

    "It is no longer a matter of if your company will be compromised by bad actors, but rather when and how. With this mindset, the idea of maintaining a tight perimeter around the environment isn't practical if we are to remain competitive; we must innovate and drive industry best practices to ensure the security of our data, assets and services."

    Bret Arsenault, Chief Information Security Officer
    Featured Content
    Dec 09, 2016 |
    With collaboration on the rise, Microsoft IT is rethinking information security. Social collaboration, ubiquitous connectivity, and new ways of collecting data and storing content encourage innovation and content sharing—but they also pose potential security risks for organizations. We help protect content through technologies like Microsoft Office Delve, Azure Information Protection, and Microsoft Teams—securing content wherever it exists, and in ways that go beyond traditional IT security.
    Nov 16, 2016 |
    In our cloud-first, mobile-first environment, the use of cloud apps is on the rise. To help protect corporate data, Microsoft IT uses Microsoft Cloud App Security to discover and identify cloud applications in use on our network, assessing security risks for any app. With the Cloud App Security Portal, we monitor suspicious behavior patterns and unusual activity and detect threats. Cloud App Security provides protection for our network and greater visibility into our environment.
    Dec 29, 2016 |
    To respond to the increasing sophistication of cyberattacks, Microsoft IT implemented a new cloud-based service, Windows Defender Advanced Threat Protection (ATP). Focusing on the small number of attacks that originate from advanced adversaries, Windows Defender ATP draws on machine learning, big data, and security analytics to help us detect, investigate, and respond to advanced, targeted attacks on our network, without building costly, on-premises solutions.
    Dec 23, 2016 |
    For Microsoft IT, conventional processes for managing Microsoft Azure resources weren’t providing good visibility into self-provisioned cloud usage. To overcome this challenge, we created and maintain an inventory of the Azure subscriptions and resources across the enterprise. It includes detailed resource and usage records for resource management and auditing. With the inventory, we developed a system for Azure usage management that helps us realize efficiency and value from our Azure resources.
    Dec 23, 2016 |
    To better manage and secure our Microsoft Azure resources, Microsoft IT created an Azure asset inventory that provides a consolidated view of all the Azure subscriptions and resources at Microsoft. Key data in the inventory helps us analyze Azure resources and configurations to optimize the environment and ensure compliance. Having the ability to analyze the Azure resource inventory for resource and configuration data has helped reduce costs, improve security, reduce risk, and manage resource ownership.
    Feb 28, 2017 |
    For Microsoft IT, the transition to the cloud requires fundamental changes to legacy network design. Modern, cloud-based apps and services need reliable Internet connectivity to provide top-notch user experiences and high levels of productivity. We evaluated our network’s needs and set about to re-architect the infrastructure to support the cloud-first, mobile-first culture at Microsoft—creating a proactive network model that takes advantage of consistent taxonomy, standard configuration, and automation.
Share Widget Slider

Share on Facebook

New to Facebook?
Get instant updates from your friends, industry experts, favorite celebrities, and what's happening around the world.

Share a link with your followers

New to Twitter?
Get instant updates from your friends, industry experts, favorite celebrities, and what's happening around the world.

Share on LinkedIn

New to LinkedIn?
Get instant updates from your friends, industry experts, favorite celebrities, and what's happening around the world.