|
||||||
Will the user define security policies in the future?I think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define a set of hardware anymore but that the user will buy their own and use it for business. Additionally, different people have different ... 
Get off XP or Risk your Business?One of the highest hit rates I ever had on my blog was one I wrote right before Conficker broke out. I called it Playing Russian Roulette with your Network. The background was, that we released an out of band security update and our customers came back and asked us, whether they really shall deploy it – this situation then led to Conficker. About 12 months from today, Windows XP will ... 
Security in 2013 – the way forward?Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune tellerJ. But there are things we know and things we definitely need to drive this year. I would actually put it into the context of typical hygiene of any IT environment. Let's try to understand, where we stand ... 
The Directory in the Cloud?It seems that it is an eternity ago – and it is. Pretty much three years ago, Doug Cavit and me published a paper called the Cloud Computing Security Considerations. Even though it is three years, the paper is still worth reading as the content still applies. What we basically said was, that if you look at the Cloud, there are five areas of Considerations: Compliance and Risk Management: Organizations shifting ... 
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along . . . → Read More: 10 Years of Trustworthy Computing at Microsoft If you like Scott Chaney’s suggestion he made at ISSE this week called Collective Defense – Applying Public Health Models to the Internet he raised very good points about the different roles the participants in the Internet Health Ecosystem have to play. Into that, the following article fits in fairly nicely: Comcast to notify subscribers with infected PCs . . . → Read More: Responsibility of ISPs for the ecosystem? As you know (I stress that fairly often ), I am Swiss. The reason why I am stressing this today is that I want to give you an example on security from the Swiss market: The banks here on place compete with each other – obviously. However, I have never seen the banks competing on . . . → Read More: Vulnerability Disclosure to Compete? The debate is probably as old as the Open Source software development model: Which one is more secure: Open Source or shared source as we at Microsoft run it? I know that we could now enter a religious debate about that, which I do not want to as I do not really believe in the . . . → Read More: Open Source and Hackers This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously . It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products. So, I read through it and to me it . . . → Read More: We Need Solid and Strong Transparent Processes for the Cloud Ait ss you know from my postings on Cloud and security and the paper on the Cloud Security Considerations we wrote, I am convinced that there are five areas you should look at, when you try to migrate to the Cloud: Compliance and Risk Management Identity and Access Management Service Integrity Endpoint Integrity Information Protection . . . → Read More: Customer Stories: Why it is not THAT easy to move to the Cloud “Unfortunately” I have been on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from a EMEA perspective. One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a huge amount of data we . . . → Read More: Microsoft Security Intelligence Report – What it means for EMEA I was reading a paper recently, where I initially thought it is a joke (it looked scientifically, therefore I was not too scared). But as our research department did it, it is serious and really, really good – at least it definitely made me think. It is called So Long, And No Thanks for the . . . → Read More: Why Today’s End-User Education Fails! On February 24th we announced the work we did on taking down Waledac – read Tim Cranton’s blog post called Cracking Down on Botnets. Now it is time to look back and try to understand what we learned so far. sudosecure traces the Waledac infections and give a good view of new infections by the . . . → Read More: Results of Operation b49 (Botnet Takedown) I often talk about how we learned to engineer security into the products and the results prove that we are on the right track. One of the challenges we always have is how to help the ecosystem to improve as well. One of the ways is to communicate through our website. Not, that this is . . . → Read More: Security Development Lifecycle – Website! |
|
|||||
|
Copyright © 2013 Roger Halbheer on Security - All Rights Reserved Powered by WordPress & Atahualpa |
||||||
