Security and the Cloud

Every customer briefing we conduct for Power and Utility companies has session on security.  And rightfully so as the cyber world has become a dangerous place and the companies that operate the most critical of critical infrastructures must keep a vigilant eye to protect to our electric, gas and water systems from those that want to disrupt the very foundation of modern society. 

A good example of the magnitude of the situation comes from an article about the Orlando Utilities Commission’s efforts again cyber-attacks. In the article Jerry Sullivan, chief information officer for OUC says “Attacks are daily, they are unrelenting and they are evolving.” Mr. Sullivan goes on to say there use to be 30,000 probes into their firewalls on a daily basis and now has gone into the millions!Operational-Security-for-Online-Services-Overview

At Microsoft we recognize that the very foundation of our mobile first, cloud first strategy hinges on our efforts to help defend our customers and partners against the escalating dangers of the cyber world. We have written before about our landmark trustworthy computing efforts and we are committed to delivering trustworthy cloud services. We are in a unique position to do so based on our experience, investments, and history of commitment over the past 10+ years toward the creation and delivery of secure, private, and reliable computing experiences.

To give you a deeper understand of our efforts, I want to introduce you to our Operational Security Assurance (OSA) efforts. Operational Security Assurance (OSA) is a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft, including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, and deep awareness of the cyber-security threat landscape. OSA combines this knowledge with the experience of running hundreds of thousands of servers in data centers around the world that deliver more than 200 online services to more than 1 billion customers and 20 million businesses in 88 countries.

We use OSA to minimize risk by ensuring that ongoing operational activities follow rigorous security guidelines and by validating that guidelines are actually being followed effectively. When issues arise, a feedback loop helps ensure that future revisions of OSA contain mitigations to address them.

OSA helps make our cloud-based services’ infrastructure more resilient to attack by decreasing the amount of time needed to prevent, detect, contain, and respond to real and potential Internet-based security threats, thereby increasing the security of those services for customers.

We encourage you to visit our Cyber Trust Blog for more details on OSA which includes a video and whitepaper. The white paper and video will provide insights into how we apply resources to online services in ways that extend beyond traditional standards and methodology to deliver industry-leading capabilities. May the Secure Cloud be with You! – Jon C. Arnold