An important step toward peace and security in the digital world

I think we are all in agreement that the internet as it is today is a great achievement but there needs to be a certain level of agreement between the different players what should be done and what not. On November 12th, Microsoft and other technology providers like Google, Facebook, Intel, Ericsson, Samsung, Accenture, Fujitsu,…

Confidential Computing – A Silver Bullet for the Cloud?

When it comes to encryption and data we solved different problems. Since the invention of algorithms like DES, 3DESand/or AES symmetric encryption is something we understand and can solve. With RSA and Diffie-Helman key management and key exchange can be implemented with reasonable management overhead. This led to solid and trusted implementations of encryption at…

Microsoft Security Intelligence Report v23 available!

I still remember the first one and now we reach version 23… It has a lot of insights into the malware and cybercrime landscape with really actionable recommendations. The Microsoft Security Intelligence Report can be accessed in different ways: Infographic – https://aka.ms/SIRv23Info Full Report – https://aka.ms/SIRv23 Webinar (April 10th at 10 am PDT) – https://aka.ms/SIRv23webcast…

Is there a future for Product Certifications?

Often, when I talk to customers, product certification is one of the key themes they want to address. Especially they want to know about our commitment to Common Criteria and whether our products are certified. Typically we certify an operating system on Common Criteria EAL 4+ – the highest level, which seems achievable for multi-purpose…

Security Development Lifecycle: Quick References

A quick one: An interesting download location: With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles – business decision maker, architect, developer, and tester/QA. These papers will help you address a critical…

Information Security Management System for Microsoft Cloud Infrastructure

Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper: Information Security Management System for Microsoft Cloud Infrastructure This paper describes the Information Security Management System program for Microsoft’s Cloud Infrastructure, as well as some of the processes and benefits realized from operating this model.…