Securing the Intelligent Edge

Azure, creativity and trust: How Microsoft is securing the cloud

Oct 16, 2017   |  

In the last 20+ years, IT security pros have been building and navigating through what I like to call the “inside walls of the enterprise security castle” where our users blissfully lived, and that made us very happy. As the primary gatekeepers of our castle, I spent a significant amount of time (frankly, more than I will ever want to admit) making sure our enterprise environments operated properly and securely in the midst of ever-evolving technologies.

But nothing could have prepared me for the cloud-first future—and I mean nothing! No new server configuration for emails, no farm building for more document storage, no further extension of mainframe security, or bigger laptops and hard drives. None of it. Because the future is opening the castle gates and taking us outside of those scrupulously-built, fortified castle walls, and now IT security pros must look to reinvent the security footprint in this new, uncharted territory. I now sympathize with Mother Gothel when Rapunzel left the tower…

The intelligent edge is the estate

The term intelligent edge at Microsoft represents devices and the data those devices produce; whereas, intelligent cloud refers to where that data lives. “Data has gravity,” reminded Satya Nadella on day one of Microsoft Build 2017, as he made exciting announcements around intelligence—from the cloud to the edge. Data gravity means that as data accumulates in the cloud, additional services and applications will be attracted to it. Add to that the external accessibilities we’re granting our cloud computing clients and now we have stepped completely outside of the guarded safehold of our castle to the unexplored land of the estate. So now that we no longer have a controlled perimeter— the castle—how do we approach securing the estate? How do we use our Azure services and suite of Microsoft 365 products to help enforce security policies?

At Microsoft, we’ve spent years building our security muscle and now we’re having to look at how we can digitally transform that ecosystem to ensure our top priority—information protection and privacy. A bit challenging to say the least, but also very exciting.

As part of navigating the digital transformation, securing the intelligent edge is not so much about collecting billions of bits of data, but making sense of it in order to strategically spot anomalies and drive security improvements back into the products.

Cloud-first security takes creativity and trust

My team and I are currently developing a set of methodologies to secure the cloud-connected client here at Microsoft. Our mission is to move away from protecting enterprise assets to securing the data. For us, data-centric security is the only way to ensure that the most important asset of a business—its data—is protected.

With the convenience of cloud-based services such as Azure Security Center, Azure Information Protection, Microsoft 365, and Microsoft Security Intelligent Graph, to name a few, our cloud-first model offers security advantages that make it easier for my team to protect and manage privacy because the confinements of a thick client, on-premise domain, and network-based perimeters no longer exist in our environment. In this agile model, we envision any connected client (thick and thin) to be protected, and cloud-based applications and services to provide data-centric controls so we no longer have to worry about building out the protection architecture. Instead, we can dedicate more time thinking about strategic and innovative ways to secure what’s next. Now that’s the true definition of agile!

Yes, I have to trust that our employees are on managed devices and that through domain partnerships and containers we can deploy to anywhere, any place, any device, at any time without having to worry about the infrastructure behind it. But we are at a point where technology has become the assistor instead of the inhibitor and that allows for less worry and more creativity in this new journey.

Creativity that will bring innovation around the next trends, new enhancements, features, requirements, vulnerabilities, and everything in between in this ever-changing environment. For me, the excitement is around how I think about machine learning, quantum and AI technologies and how to protect them…or against them (if AI decides to step out of its own boundaries)! Shout out to my AI overlords.

As we continue to progress in our cloud-connected client security strategy, I invite you to join me and my team as we share more about the complexities and learnings of securing a cloud-only ecosystem at Microsoft. We’ll share our cloud expedition and how Azure services are helping us take control of security. Please check back with us in the next few weeks as we dive deeper in how we approach securing the Internet of Things, networking, security monitoring and more!

Learn more about securing the cloud-connected client by reading about driving digital transformation with modern network infrastructure, building cloud apps using the Secure DevOps Kit for Azure, how to take control of cloud security with Azure Security Center, and protecting files in the cloud with Azure Information Protection.