Microsoft’s Commitment to Protect Customer Data through Encryption Continues

Read more Microsoft’s Commitment to Protect Customer Data through Encryption Continues

Protecting Customer Data in Our Cloud through Microsoft Azure

Read more Protecting Customer Data in Our Cloud through Microsoft Azure

Strengthening encryption for Microsoft Azure customers

In July, we published a blog post which talked about the advancements Microsoft had made in encryption for Outlook.com and OneDrive to further increase the security of our customers data.   Today, Microsoft Azure has taken additional steps toward our commitment to protecting customer data with the announcement of encryption improvements for Microsoft Azure guest OS.   

The encryption improvements, which apply to Microsoft Azure cipher solution for hosted guest virtual machines, provide customers with enhanced protection when connecting and transmitting data. For example, the enhancements to the default Transport Layer Security (TLS)/Secure Socket Layer (SSL) cipher suites helps ensure that connections are better encrypted during transmission.  In addition, enabling Perfect Forward Secrecy (PFS) helps ensure a different encryption key is used for every connection, making it more difficult for attackers to decrypt connections.  See more >>

Read more Strengthening encryption for Microsoft Azure customers

RSA Europe 2013: Operational Security for Online Services

Today, at the RSA Conference Europe in Amsterdam, I gave a presentation on an important update to Microsoft’s security efforts – Operational Security Assurance (OSA). The design of a secure operations methodology is part of our ongoing commitment to enable trustworthy computing in all aspects of our online services, and OSA represents the next evolution of these efforts.

Since 2004, the Microsoft Security Development Lifecycle (SDL) has helped developers to build more secure software from the ground up. But the job doesn’t end there. Attacks do not necessarily target weaknesses in software. Some attacks are operational in nature, while others, like the Flame malware, target both software vulnerabilities and operational weaknesses. Defending cloud services against network attacks requires both strong development practices, like SDL, and a strong operational security regime. The following list includes a number of ways that OSA adds considerable value to the focus on infrastructure issues and operational security..  Read more

Read more RSA Europe 2013: Operational Security for Online Services

A New Era of Operational Security in Online Services

Tomorrow I will have the opportunity to keynote at the RSA Conference Europe and discuss the work I’ve been involved with overseeing Operational Security for Microsoft Online Services. This is a topic that I am deeply passionate about and as Microsoft’s investment in the OneMicrosoft initiative becomes a primary focus of my work in the coming years. Read more

Read more A New Era of Operational Security in Online Services