When it comes to building trust with cloud services customers, there’s no substitute for transparency. A cloud provider should be able to explain in detail how it will address the security, privacy and compliance needs of its customers. Read more >>
At Microsoft, we know that customer trust is essential to our business. People will use technology only if they can trust it, and our commitment to protecting customer data is an important element in building and maintaining that trust. The issue of who owns email is at the center of an important hearing in U.S. federal court in New York this week. See more>>
At Microsoft, we often talk about the investments we’ve made in trustworthy cloud services. But there’s nothing more encouraging than hearing from customers who recognize and benefit from those investments. See more >>
When I speak with customers, they often ask how they can successfully change the culture of their IT organization when deciding to implement a resilience engineering practice. Over the past decade I’ve collected a number of books and articles which I have found to be helpful in this regard, and I often recommend these resources to customers. I’ve included my favorites below, in no particular order, with a short explanation of why I’m recommending them. See more>>
Microsoft understands that a customer’s willingness to use a particular cloud computing service depends on their ability to trust that the privacy of their information will be protected, and that their data will only be used in a manner consistent with customer expectations. But even the best designed and implemented services can only protect customer data if they are deployed in a secured environment. See more >>
In my previous post, I discussed “DIAL”, an approach we use to categorize common service component interaction failures when applying Resilience Modeling & Analysis, (RMA), to an online service design. In the next two posts, I’ll discuss some mitigation strategies and design patterns intended to reduce the likelihood of the types of failures described by “DIAL”. See more >>
Online services face ongoing reliability-related threats represented by device failures, latent flaws in software being triggered by environmental change, and mistakes made by human beings. At Microsoft, one of the ways we’re helping to improve the reliability of our services is by investing in resilience modeling and analysis (RMA) as a way for online service engineering teams to incorporate robust resilience design into the development lifecycle. See more>>
Whenever I speak to customers and partners about reliability I’m reminded that while objectives and priorities differ between organizations and customers, at the end of the day, everyone wants their service to work. As a customer, you want to be able to do things online, at a time convenient to you. As an organization – or a provider of a service – you want your customers to carry out the tasks they want to, whenever they want to do so.
This article is the first in a four-part series on building a resilient service. In my first two posts, I will discuss the topic as it relates to business strategy, and then we'll dive deeper into the technical details. See more >>
What if you could deploy a process that would help you develop software products and services with better security, shorter development cycles, and fewer surprises for your customers?
Those are some of the benefits of threat modeling, which was the topic of an excellent presentation: New Foundations for Threat Modeling, from Adam Shostack, principal security program manager for Trustworthy Computing, at the RSA Conference USA this week. See more >>
One of the best things about the RSA Conference is the incredible exchange of ideas that takes place, and this year was no exception.
Microsoft’s security and privacy leaders were busy, not just with their own presentations, but also in discussions with other thought leaders, industry professionals and customers from around the world. See more >>