Azure Active Directory Data Security Considerations
We often get questions about how we protect the AAD infrastructure and how the data is governed. This paper gives you really good background: Azure Active Directory – Data Security Considerations
Next Step in IoT/OT Security: Microsoft acquires CyberX
One area, where our story was not as strong as the rest was IoT/OT. We have a broad portfolio already in Azure IoT offering different options to manage IoT and OT devices from the cloud but in the security space there was room for improvement. With the acquisition of CyberX, which we announced yesterday (Microsoft…
Zero Trust and Home Office
As you might know, I am part of the Cybersecurity Advisory Board of the Swiss Academy of Engineering Sciences here in Switzerland. In this capacity I had the opportunity to publish an article at Inside IT: SATW insights: Zero Trust – Sicherheit in Zeiten von Homeoffice (in German).
Enjoy!
Insider Risk Management
With people working remotely at the moment, managing the insider risk is one of the important areas to look at. We often look at three scenarios: Data theft by departing employees Intentional or unintentional leak of sensitive or confidential information Actions and behaviors that violate corporate policies We released a product called Insider Risk Management…
Zero Trust in the IoT/OT Space
Zero Trust is definitely not new but around for something like 16 years if you look at it. This is, when the Jericho Forum was formally established and Network Access Control architectures started to get deployed (or at least designed). It definitely got some tailwind 10 years later with Google’s work on BeyondCorp (as a…
Hackers don’t break in – they log in
We talked about this very often so far: Passwords are by far the weakest link when it comes to security today. 81% of successful attacks involve lost, breached or re-used passwords. There is another fairly current article mentioning that, even when it comes to industrial espionage in the times of COVID-19: State-linked hacking continues amid…
Harden endpoint security for COVID-19 and working from home with Threat & Vulnerability Management
This blog post gives you a few interesting tips based on our Threat Intell and what we see currently (including a few advanced hunting ideas):
Harden endpoint security for COVID-19 and working from home with Threat & Vulnerability Management
Privacy Principles in Tracking Apps
With countries slowly trying to find a way back to a new normality, contact tracing is one of the means to keep the infection rate on an acceptable level. Digitalization might be one way to support these activities – the corresponding apps on phones are in the press since a while. Privacy and the “Big…
Threat Intelligence on COVID-19
The question what the malicious actors do during the crisis is one which comes up fairly often. My observation was – as bad as it sounds – that we had “business as usual”. As with any catastrophe or significant event, we see themed phishing attacks popping up – the same here. I guess as long…
Zero Trust Journey
During these days with a lot of people in their Home Office, discussions around Zero Trust are more important than ever as this journey enables scenarios like we see today. There are different resources, which might be interesting for you to look at: Microsoft Zero Trust assets These are links to currently available assets. We…
Webinar: Securing Remote Work
This week we will run a webinar as a follow up to a blog post: the Alternative ways for security professionals and IT to achieve modern security controls in today’s unique remote work scenarios These webinars will take place: Session 1: Tuesday, March 31, 2020 9:00 AM Pacific Time Session 2:Tuesday, March 31, 2020 6:00…
Security and Compliance in Microsoft Teams
As a lot of companies migrated to Microsoft Teams to enable all the Home Office scenarios, there is a good chance that certain things cooled down a bit on the end of the IT department. It might be time to look at security and compliance in Microsoft Teams as well. Matt Soseman, a Security Architect…
Secure Working from Home – Some Ideas and Guidance
There is plenty of information out there how to secure a “Home Office” environment in these days and I do not want this to be another one. However, I tried to compile a few resources, which might help you overcome some of the current challenges: VPN Shortage Quite some customers initially decided to route their…
Secure Virtual Coffee – Top of Mind?
< Deutsch weiter unten> Yes, I am sitting in my Home Office – as you might these days. Maybe the difference is that I am more or less used to this situation, my family knows how to cope with it and I have the infrastructure to do so. Talking of infrastructure: Having two almost adult…
Corona and How We Work From Home
We are asked in quite some calls, how we handle the pandemic situation at Microsoft. As a lot of us are used to home office, the change is intense but not that big. Customer events were cancelled (as in a lot of other companies as well) or moved to virtual, which actually proves to be…
Cybersecurity Group is Hiring!
If you are looking for a new challenge with the leader in Cybersecurity, there are currently a lot of open positions and therefore a lot of opportunities for you:
Cybersecurity Career Opportunities
Feel free to reach out of you have any question.
Microsoft will be carbon negative by 2030
While governments across the Globe are still trying to negotiate whether climate change is real or not, Microsoft is taking a bold step by announcing that we will be carbon negative by 2030. Not only that: By 2050 Microsoft will remove all the carbon emissions we have emitted directly or indirectly through electricity consumption since…
Azure is now certified for the ISO/IEC 27701 privacy standard
This is definitely a significant next step in our efforts to drive privacy and a transparent way. It will help our customers to fulfill their privacy obligations in a more straightforward way..
Azure is now certified for the ISO/IEC 27701 privacy standard
First Significant GDPR Fines
It took a while. I expected GDPR to hit sooner and I expected the authorities to go after non-European companies. I was wrong in both cases. 1&1 – a German telco – just got hit with a significant fine for GDPR violations: € 9.55 Mio. The case is very interesting to me, especially if you…
Microsoft Threat Intell: GALLIUM: Targeting global telecom
I guess this is important for Telcos (and others): GALLIUM: Targeting global telecom