Microsoft shares about cloud computing and network security
Microsoft shares about cloud computing and network security
As the guest speaker today at AmCham’s Global Leaders Luncheon co-hosted with Microsoft and Vietnam Chamber of Commerce and Industry at Sheraton Hanoi Hotel, executive vice president, general counsel of Microsoft Corporation Brad Smith shared with VIR about Microsoft cloud computing and services, focusing on security policy and network security.
How does Microsoft ensure that data is safe on the cloud?
Microsoft cloud services are designed, developed, and are operated to help ensure customer data is secure.
Microsoft is committed to delivering trustworthy cloud services, and is in a unique position to do so based on its experience, investments, partnerships in the industry and history of commitment over the past 10-plus years toward the creation and delivery of secure, private, and reliable computing experiences.
To help protect against Internet-based security threats and continuously asses and enhance the security of Microsoft services, Microsoft utilises Operational Security Assurance (OSA). OSA is a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft, and deep awareness of the cybersecurity threat landscape. OSA combines this knowledge with the experience of running hundreds of thousands of servers in data centres around the world that deliver more than 200 online services to more than a billion customers and 20 million businesses in 88 countries.
OSA helps make Microsoft cloud-based services’ infrastructure more resilient to attack by decreasing the amount of time needed to prevent, detect, and respond to real and potential Internet-based security threats, thereby increasing the security of those services for customers.
How does Microsoft help ensure security is built into its products and services?
Cybersecurity and data privacy are engineered into Microsoft products and services from the initial design stage and throughout the development process using the Security Development Lifecycle (SDL) – a holistic and comprehensive software development process for writing more secure and privacy-enhanced code, and enabling more reliable products and services.
How does Microsoft work with governments?
Throughout the history of our company, we have worked with governments to help them build and deploy more secure IT infrastructure and services to protect their citizens and national economies.
We work with governments, businesses, and other industry leaders to help enforce and shape legislative proposals, harmonise laws across jurisdictions, develop responsible business practices, and strengthen self-regulatory mechanisms that lead to greater protections for individuals and their personal information
How closely do you work with the Vietnamese government to gather users’ data?
We do not provide any government with direct and unfettered access to our customers’ data. We only comply with valid legal orders for customer data that are targeted at specific accounts and identifiers, and we only provides the specific data mandated by the relevant legal demand. Our transparency reports demonstrate clearly that only a tiny fraction – fractions of a per cent – of our customers have ever been subject to a government demand related to criminal law or national security.
How should companies address cyber threats?
There are a number of steps that companies can take to instill confidence that customers’ data will be handled securely. First, those managing IT systems must improve their basic security fundamentals to counter the opportunistic threats and make persistent and determined adversaries work harder. This includes migrating to newer, more secure systems, patching vulnerabilities promptly, configuring systems properly (in part through increased automation), educating users about the risks of social engineering, and taking other steps - whether they involve people, processes or technology - to manage risks more effectively than they do today.
The second part of the strategy involves fundamentally altering their security posture to address the persistent and determined adversary. The security strategy deployed for blunting opportunistic threats- security strategy focused predominantly on prevention and secondarily on incident response- will not be enough. We must focus on three key areas: prevention, detection, and recovery
vir
