How to leverage “Secure Access Workstations” for the Cloud

This is a questions I get fairly often. But before I try to answer, let’s take a step back: We know that attackers typically try to compromise user accounts and then move laterally until they find higher-value credentials. The holy grail in this movement is typically and administrator who uses his admin account to surf…

Decentralized identity and the path to digital privacy

This week the European Identity and Cloud Conference took place, where Joy Chik, Corporate Vice President, Microsoft Identity was talking. She was actually announcing some very interesting efforts around identity and privacy, mainly the work we do around decentralized identity. If you read her blog post here, you will find a few very remarkable statement like…

Make No Mistake — Microsoft Is A Security Company Now

That’s not a bad start of the day, reading such a headline from a Forrester analyst. I am often asked, how far we are going to drive security within Microsoft. Well, I guess here you have an answer from an outsider: Make No Mistake — Microsoft Is A Security Company Now. Even though the author…

An important step toward peace and security in the digital world

I think we are all in agreement that the internet as it is today is a great achievement but there needs to be a certain level of agreement between the different players what should be done and what not. On November 12th, Microsoft and other technology providers like Google, Facebook, Intel, Ericsson, Samsung, Accenture, Fujitsu,…

Confidential Computing – A Silver Bullet for the Cloud?

When it comes to encryption and data we solved different problems. Since the invention of algorithms like DES, 3DESand/or AES symmetric encryption is something we understand and can solve. With RSA and Diffie-Helman key management and key exchange can be implemented with reasonable management overhead. This led to solid and trusted implementations of encryption at…

Microsoft Security Intelligence Report v23 available!

I still remember the first one and now we reach version 23… It has a lot of insights into the malware and cybercrime landscape with really actionable recommendations. The Microsoft Security Intelligence Report can be accessed in different ways: Infographic – https://aka.ms/SIRv23Info Full Report – https://aka.ms/SIRv23 Webinar (April 10th at 10 am PDT) – https://aka.ms/SIRv23webcast…

Is there a future for Product Certifications?

Often, when I talk to customers, product certification is one of the key themes they want to address. Especially they want to know about our commitment to Common Criteria and whether our products are certified. Typically we certify an operating system on Common Criteria EAL 4+ – the highest level, which seems achievable for multi-purpose…