Confidential Computing – A Silver Bullet for the Cloud?

When it comes to encryption and data we solved different problems. Since the invention of algorithms like DES, 3DESand/or AES symmetric encryption is something we understand and can solve. With RSA and Diffie-Helman key management and key exchange can be implemented with reasonable management overhead. This led to solid and trusted implementations of encryption at…

Eight Essentials for Hybrid Identity

It is not new, that identity will become your new perimeter, your next control pane. Still I see a lot of companies struggle with the concept and with the feeling to have the identity in the Cloud. Often, I hear the statement that they “lose control” once the identity is (at least partly) managed in…

Microsoft Security Intelligence Report v23 available!

I still remember the first one and now we reach version 23… It has a lot of insights into the malware and cybercrime landscape with really actionable recommendations. The Microsoft Security Intelligence Report can be accessed in different ways: Infographic – https://aka.ms/SIRv23Info Full Report – https://aka.ms/SIRv23 Webinar (April 10th at 10 am PDT) – https://aka.ms/SIRv23webcast…

Leveraging EMET to Win Time to Patch – an Underestimated Jewel

There is a jewel in a security professional’s toolbox, which – in my opinion – is highly underused. At least this is true in infrastructures I know. Since years, Microsoft offers a free tool called EMET (Enhanced Mitigation Experience Toolkit). EMET helps you to leverage the security technology built into Windows. To quote the above…

Using the Cloud to solve business problems in today’s world

I often get asked by customers how I see the cloud in today’s environment. Honestly, I do not see it differently than I did an year ago. If I look at security in general, I see three challenges, which shape my mind: Most investments go towards protecting the infrastructure, whereas most attacks are successful on…

Targeted Attacks – a Video Series

Trustworthy Computing in partnership with Microsoft IT, Microsoft Consulting and the product groups just released a series of videos on targeted attacked and how to defend.

I would definitely urge you to listen to them and make sure you implement the countermeasures: Targeted Attacks Video Series

Roger

Enhanced by Zemanta

Is there a future for Product Certifications?

Often, when I talk to customers, product certification is one of the key themes they want to address. Especially they want to know about our commitment to Common Criteria and whether our products are certified. Typically we certify an operating system on Common Criteria EAL 4+ – the highest level, which seems achievable for multi-purpose…