Posted by David Bills, chief reliability strategist, Trustworthy Computing

Over the past couple weeks I have posted blogs talking about service reliability organizational goals, as well as causes of service outages and the associated mitigation strategies.  Today I’d like to share some insight into just one of the methods Microsoft uses to design and build cloud services to help ensure our services can respond gracefully to outages. It’s not a new concept, but one that I believe is useful for providers and customers alike to be thinking about.

Just as threat modeling is an important step in the design process when security-related issues are being evaluated, fault modeling is an important step in the design process for building reliable cloud services. It’s about identifying the interaction points and dependencies of the service and enabling the engineering team to identify where investments should be made to ensure the service can be monitored effectively and issues detected quickly. And, in turn, even guiding the engineering team toward effective coping mechanisms so the service is better able to withstand, or mitigate, the fault.

Posted by Adrienne Hall, general manager, Trustworthy Computing

I just got off the stage at RSA Europe in London where I delivered a keynote during which I announced the release of our bi-annual Security Intelligence Report (SIRv13) and a new free Cloud Security Readiness Tool. If you’ve ever been to an  RSA event you’ll know that the audience comprises security professionals from a range of organizations, including government agencies and some of the world’s largest companies.

Faced with an audience of around 1,000 IT security pros I kicked off with a story about a recent holiday - not the traditional start to an RSA talk. I explained how, in a restaurant in the middle of a tiny town on a remote island off the coast of Croatia I heard a local news report that mentioned the Gauss malware several times.

The point of my story was that cyber threats are increasingly an everyday fact of life for the world’s consumers. For us as security professionals, information and intelligence will continue to be critical to managing the potential impact of cyber threats. This is why we at the Trustworthy Computing Group work hard to produce the Microsoft Security Intelligence Report (SIR), the 13^th volume of which, also known as SIRv13, was released during my keynote today.

Posted by: Paul Nicholas, senior director, Trustworthy Computing

Earlier this week at the Budapest Conference on Cyberspace 2012, the UK Government announced the establishment of the Centre for Global Cyber-Security Capacity Building. In an effort to combat the growing global cyber threat problem, the Centre will focus on areas such as fostering greater international collaboration, increasing access to security expertise and information sharing, and promoting good governance practices online. This effort comes at a critical inflection point in cyberspace driven by the widespread adoption of technology.  According to the World Economic Forum, 70 percent of the world’s population lives in countries that are in the process of coming online.

Recent Internet research shows the online population is expected to grow to over three billion people in 20161; devices will likely exceed 50 billion2; and overall data may increase more than 50 times by 20203. The continued growth in people, devices, and data becomes an attractive target for criminals who seek to gain access to valuable information or in some instance disrupt operations. Clearly, the benefits of using the Internet far outweigh the risks, but in order to create safer, more trusted computing experiences, the private sector and governments must work together.

Posted by Matt Thomlinson, general manager, Trustworthy Computing

This week I participated in the Budapest Conference on Cyberspace 2012  and also spoke at the Atlantic Council’s evening event  entitled “Toward a Secure Cyber-Future: Building a Public-Private Partnership for Cybersecurity Norms.”[1]  During both events, I stressed the importance of public-private partnership at the international level and the need to ensure that the private sector had a voice in the key discussions occurring around confidence-building measures and cybersecurity norms.

Cybersecurity policy is increasingly an international challenge. From 2000-2010 much of cybersecurity policy development has occurred within nation states and, in many instances, the policy development process leveraged public-private partnerships.

To date, most international discussions on cybersecurity have been largely between governments.  This is the right starting place, as governments need to think through the cybersecurity implications of a connected world. Today industry creates and operates most of the infrastructure that enables cyberspace. Industry continues to innovate and build best practices and technical cybersecurity norms including: vulnerability disclosure management, secure development, security incident response, and risk management. Therefore, these global conversations on cybersecurity would also benefit from a private sector perspective that can help governments think through the technical challenges and priorities involved in securing billions of customers using the Internet around the world.

Posted by Jacqueline Beauchere, director, Trustworthy Computing Communications, Microsoft

Omaha, Nebraska is the site of this year’s official launch of National Cyber Security Awareness Month (NCSAM). At the kickoff, and in the 30 days to follow, government officials and industry leaders will remind individuals, families, and businesses to do their part to help make the Internet safer for all.

As an active member of the National Cyber Security Alliance (NCSA), Microsoft participates in NCSAM each year, supporting and sponsoring various events and activities. The Omaha launch will feature remarks by local, state, and national leaders, followed by a series of industry-led instructional sessions aimed at small and mid-sized businesses. From safeguarding company networks and developing security policies, to protecting business assets and educating employees, security and business leaders from top corporations will share tips and guidance. Microsoft will conduct a session on Internet security in the workplace, showcasing our free toolkit for businesses.

Posted by Kim Sanchez, director, Trustworthy Computing Communications, Microsoft

No matter which search engine someone prefers, a key piece of advice from safety advocates to help protect your online reputation, is to conduct an Internetsearch on yourself, using several search engines.  And then, evaluate whether your online life mirrors the reputation you want others to see.

Recently, the Bing team launched an Internet search tool that lets you conduct a side-by-side search engine comparison with Google.  Now, while I think it’s cool, I thought; what if people used this double search feature for good – their own good.  What a great time to use one tool, to help manage your online reputation: Search for yourself, and check out what’s being said about you.  According to a recent study*, 37 percent of adults never do this. 

Posted by David Bills, chief reliability strategist, Trustworthy Computing

When we’re talking about cloud services, I’m a firm believer in the idea that services failure will occur – it’s not a matter of if, it’s strictly a matter of when. This is because the more complex things become, the more challenging it is to anticipate and predict failures. As a result, designing services to withstand failure, as well as having a plan in place to recover the service quickly, is critical in building trust and maintaining long-term relationships with customers.

Posted by Bonnie Kearney, director, Trustworthy Computing Communications – Accessibility & Aging

Worldwide, a “Silver Tsunami” -- an increase in the average age of the population -- is occurring. In the U.S. alone, one in five U.S. workers will be 55 or older by 2025. As part of the natural aging process, many older adults experience functional limitations, and can benefit from customizing their computing experiences to better meet their personal needs.  Whether in the home, as a tool to stay connected, or in the workplace, to extend a career past what is traditionally considered “retirement age,” accessible technology can help people of all ages and abilities continue to work and play online.

On Sept. 20 in New Orleans, AARP kicked off its annual Life @50+ National Event and Expo. This three-day conference hosts more than 20,000 AARP members and attendees. Given our long-standing commitment to making technology safer and easier to use, Microsoft understands the importance of working with organizations like AARP and attending gatherings like this one. Microsoft is providing resources and guidance, along with demonstrating the accessibility features in our products that help address the needs of individuals age 50 or older. We are also eager to hear from attendees about their online habits and concerns.  To that end, the company’s Accessibility & Online Safety Teams are conducting an on-site survey to gauge attendees’ online
safety behaviors.

Posted by Kim Sanchez, director, Trustworthy Computing

Computer security and online safety is a 24/7 hour affair. Business leaders at work are frequently family leaders at home and – particularly for security issues – are interested in online safety for their family.

This week, the Family Online Safety Institute launched a groundbreaking new tool called the Platform for Good (PfG).  With the backing of some of the top industry leaders including Facebook, Google and Microsoft, along with the backing of the MacArthur Foundation, PfG is designed to promote and encourage good online behavior, also known as digital citizenship.

How?  PfG will help connect parents, educators, and youth by bringing attention to the many positive ways families and schools use technology through interactive features.  It will also provide resources to help bridge the generational divide in the digital world.

Posted by Jacqueline Beauchere, director, Trustworthy Computing Communications, Microsoft

Young people, parents, educators, and government officials around the world continue to be concerned about online bullying, often asking:  What is it?  How can it be prevented?  And, what tools and resources are available to raise awareness and help educate the public?

Last week, the office of the Attorney General of Washington State held a day-long Cyberbullying Summit on Microsoft’s campus in Redmond, Washington. The company’s Online Safety Team had the distinct pleasure of actively participating.  I spoke on a panel entitled, “Where are we now? Current Efforts in Education, Law and Technology to Fight Cyberbullying,” and my colleagues and I took part in the compelling working sessions that followed.

Attendees included Attorney General Rob McKenna and other government officials; educational and community leaders from across the state, as well as local law enforcement and representatives from the private sector.  Resources were exchanged and best practices were shared.  After thoughtful collaboration a draft plan for a state-wide campaign was devised to begin communicating clearly and with a singular voice how, best to prevent online bullying among youth, and encourage all individuals to be better “digital citizens.”  Digital citizenship – responsible and appropriate use of technology – is a recurring theme in working to address many online safety issues.