Microsoft commits to trust in a digital world

Cernuda makes opening remarks during the Microsoft Cyber Trust Experience 2016.

The world has changed a great deal since late 2014, with new data residency (sovereignty) requirements, local security requirements, encryption requirements and content restrictions in place around the world. Wikileaks, governments requesting information from technology vendors that is stored on devices they make or cloud storage they maintain, and new concerns about how personal data should be protected and shared for national security purposes are making the world of data security a very fluid one today, notes Jeffrey Avina, Director, Government Affairs, Microsoft Asia Pacific at the Microsoft Cyber Trust Experience event.

"The Internet has no borders," said Avina. "But countries have borders. National security still matters, and security for an individual still matters."

The key to doing business as a technology provider is to walk the fine line between maintaining public safety but offering some amount of personal freedom, with respect for national sovereignty that is balanced against open markets and a global network, he said.

Microsoft has made the commitment to protect customers in a cloud-first world while offering governments protection of digital security and respect for digital sovereignty, Avina added.

Governments around the world are developing new compliance requirements for data usage.

As laws today are still trying to catch up to the digital reality, Microsoft has adopted the ISO 27018 standard as a guide to how personally identifiable information (PII) should be treated. ISO/IEC 27018:2014 establishes commonly-accepted controls and guidelines for protecting PII in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. The standard champions transparency; clear, concise contract terms; compliance with local laws and regulations; as well as external audits to ensure that standards are being met.

Avina added that Microsoft does not mine customer data. "Microsoft is committed not to use that data other than how the customer would like it to be utilised," he said.

Dhakad describes the security landscape today.

Cybercrime is becoming both targeted and sophisticated.

The business impact of a data breach can be devastating.

Keshav Dhakad, Regional Director, Intellectual Property & Digital Crimes Unit, Microsoft Asia, listed common cyber attacks such as distributed denial of service (DDoS) attacks, credential compromises, and malware exploits as extremely common today.

"Attacks are becoming very diverse," he said. "Cyber criminals don't discriminate between good targets and bad targets. They will go after any company any sector where they can steal data.

"Wherever there are financial hubs, wherever there are centres of business, capital cities. you will find a concentration of attacks."

Dhakad listed vulnerabilities such as old systems, non-genuine environments, bad employee behaviour, bad cyberhygiene, lagging patches, inability to upgrade and lack of detection mechanisms as some of the ways that cyber criminals can use to gain access to victims' PCs. "All of these problems exist in Asia," he said. "In Asia IT maturity is low, and IT security awareness is just rising."

While banks and financial services expect to be attacked and typically protect themselves to some degree, Dhakad noted that healthcare institutions are also heavily attacked but the least prepared. "Diagnoses and medical reports can be changed," he warned. "Cybercrime.. equals business impact."

Microsoft, he shared, invests some US$1 billion in securing its systems. The company is investing in behavioural monitoring and machine learning for detection. It also receives global network and ecosystem insights through running the world's largest anti-malware service via Windows 10.

Security is particularly crucial for the Azure cloud, where data is already encrypted in transit, at rest, and end-to-end. "It's your data, you own it, you control it; we run the service for you, we are accountable to you," said Dhakad. "We need to ensure built-in security, privacy by design, and continuous compliance - national, local, international, and industry-specific."

Microsoft continues to work towards a more secure world within the ISO 27018 framework. Some milestones in 2015 shared by Cesar Cernuda, President, Microsoft Asia Pacific in his opening remarks include:

• Partnering with Interpol to disrupt a global malware attack affecting over 770,000 PCs in the past six months in April 2015; 
• Microsoft Azure and Office 365 achieving the highest level of certification for the Singapore Multi-Tier Cloud Security Standard in June 2015; 
• Acquiring Adallom to advance identity and security technologies in the cloud in September 2015, and 
• Adopting the first international cloud privacy standard in February 2015.

"Our job is to educate, we invest in R&D to make a world of intelligent cloud.. that people can trust," said Cernuda.

Microsoft cybersecurity initatives include the Cyber Threat Intelligence Program, which shares actionable intelligence with country computer emergency response teams (CERTs) and service providers, Microsoft Cybercrime Centers around the world, as well as sharing PhotoDNA image matching technology with law enforcement agencies to identify images of sexual exploitation. Two of seven Microsoft security centres are in Asia: there is a Korea Cybersecurity Center in South Korea and the Cybercrime Satellite Centre in Singapore, with Asia Pacific responsibilities.

Interested?

View the associated video

Read the TechTrade Asia blog posts about:

The Microsoft Malware Infection Index
The opening of the Korea Cybersecurity Center
The Cybercrime Satellite Center in Singapore

Hashtags: #CyberTrustAPAC, #Trustintech

posted from Bloggeroid