Roger Halbheer on Security
In my last post we looked into why Zero Trust is not this huge revolutionary vision but something reflecting today’s reality. Technology is ready to go –technology is ready for you to embark on a journey and start to align your security architecture and investments with this approach. The biggest change when implementing Zero Trust…
Since Covd-19 started, I probably talked more about Zero Trust than ever before. Not that the concept is new, but the pressure to apply it, suddenly increased dramatically with all the users sitting at home and not within the “well-protected” network perimeter. There were different challenges companies faced these times but two came up repeatedly:…
I guess you heard the ruling by the Court of Justice for the European Union on cross-border transfer. I think it is important to understand our position on this as outlined here: Assuring Customers About Cross-Border Data Flows From my point of view the important parts are: Today the Court of Justice for the European…
We often get questions about how we protect the AAD infrastructure and how the data is governed. This paper gives you really good background: Azure Active Directory – Data Security Considerations
One area, where our story was not as strong as the rest was IoT/OT. We have a broad portfolio already in Azure IoT offering different options to manage IoT and OT devices from the cloud but in the security space there was room for improvement. With the acquisition of CyberX, which we announced yesterday (Microsoft…
As you might know, I am part of the Cybersecurity Advisory Board of the Swiss Academy of Engineering Sciences here in Switzerland. In this capacity I had the opportunity to publish an article at Inside IT: SATW insights: Zero Trust – Sicherheit in Zeiten von Homeoffice (in German).
Enjoy!
With people working remotely at the moment, managing the insider risk is one of the important areas to look at. We often look at three scenarios: Data theft by departing employees Intentional or unintentional leak of sensitive or confidential information Actions and behaviors that violate corporate policies We released a product called Insider Risk Management…
Zero Trust is definitely not new but around for something like 16 years if you look at it. This is, when the Jericho Forum was formally established and Network Access Control architectures started to get deployed (or at least designed). It definitely got some tailwind 10 years later with Google’s work on BeyondCorp (as a…
We talked about this very often so far: Passwords are by far the weakest link when it comes to security today. 81% of successful attacks involve lost, breached or re-used passwords. There is another fairly current article mentioning that, even when it comes to industrial espionage in the times of COVID-19: State-linked hacking continues amid…
This blog post gives you a few interesting tips based on our Threat Intell and what we see currently (including a few advanced hunting ideas):
Harden endpoint security for COVID-19 and working from home with Threat & Vulnerability Management
With countries slowly trying to find a way back to a new normality, contact tracing is one of the means to keep the infection rate on an acceptable level. Digitalization might be one way to support these activities – the corresponding apps on phones are in the press since a while. Privacy and the “Big…
The question what the malicious actors do during the crisis is one which comes up fairly often. My observation was – as bad as it sounds – that we had “business as usual”. As with any catastrophe or significant event, we see themed phishing attacks popping up – the same here. I guess as long…
During these days with a lot of people in their Home Office, discussions around Zero Trust are more important than ever as this journey enables scenarios like we see today. There are different resources, which might be interesting for you to look at: Microsoft Zero Trust assets These are links to currently available assets. We…
This week we will run a webinar as a follow up to a blog post: the Alternative ways for security professionals and IT to achieve modern security controls in today’s unique remote work scenarios These webinars will take place: Session 1: Tuesday, March 31, 2020 9:00 AM Pacific Time Session 2:Tuesday, March 31, 2020 6:00…
As a lot of companies migrated to Microsoft Teams to enable all the Home Office scenarios, there is a good chance that certain things cooled down a bit on the end of the IT department. It might be time to look at security and compliance in Microsoft Teams as well. Matt Soseman, a Security Architect…
There is plenty of information out there how to secure a “Home Office” environment in these days and I do not want this to be another one. However, I tried to compile a few resources, which might help you overcome some of the current challenges: VPN Shortage Quite some customers initially decided to route their…
< Deutsch weiter unten> Yes, I am sitting in my Home Office – as you might these days. Maybe the difference is that I am more or less used to this situation, my family knows how to cope with it and I have the infrastructure to do so. Talking of infrastructure: Having two almost adult…
We are asked in quite some calls, how we handle the pandemic situation at Microsoft. As a lot of us are used to home office, the change is intense but not that big. Customer events were cancelled (as in a lot of other companies as well) or moved to virtual, which actually proves to be…
If you are looking for a new challenge with the leader in Cybersecurity, there are currently a lot of open positions and therefore a lot of opportunities for you:
Cybersecurity Career Opportunities
Feel free to reach out of you have any question.
While governments across the Globe are still trying to negotiate whether climate change is real or not, Microsoft is taking a bold step by announcing that we will be carbon negative by 2030. Not only that: By 2050 Microsoft will remove all the carbon emissions we have emitted directly or indirectly through electricity consumption since…
