Posted by: kurtsh | August 30, 2009

NEWS: CIO Magazine – “Five Lessons from Microsoft on Cloud Security”

image More interesting news from CIO highlighting our focus and practices around Cloud Security.

Five Lessons from Microsoft on Cloud Security
The software titan reviewed its security approach to cloud computing and developed new strategies. Here’s what one Microsoft cloud expert says he’s learned.


Tue, August 25, 2009CIO — While Google, Amazon and Salesforce have gotten the most attention as cloud service providers, Microsoft—with its 300 products and services delivered from its data centers—has a large cloud bank all its own.

In May, the company released a paper on its approach to cloud services and how the company plans to secure those services. The paper—penned by Microsoft’s Global Foundation Services, the group responsible for overseeing the company’s software-as-a-service infrastructure—spells out the current dangers for online services, including a growing interdependence between customers and the companies that serve them and more sophisticated attacks on Internet services.


[For timely cloud computing news and expert analysis, see’s Cloud Computing Drilldown section. ]

Microsoft argues that its approach to security, which it carved out with its Trustworthy Computing Initiative in 2002, works as well for online services, with some modification.

"If I take the traditional security principles, that hasn’t changed in terms of discipline and approach," said Charlie McNerney, general manager for business and risk management at Microsoft’s GFS. "What has expanded is the amount of controls we have applied."

In recent interviews, McNerney and other cloud providers shared their thoughts on Microsoft’s approach to securing cloud services and the data centers that power such services.

1. Discuss risk with customers
The security of cloud services worries many customers, and it should, said McNerney. Figuring out where the responsibilities lie with respect to a customer’s data is an important conversation, he says.

"What are the defect scenarios and the responsibilities that parties have in that environment when it breaks," McNerney says. "That is the type of thing that large enterprise companies want to talk about the most."

But Microsoft has found that security is not just a worry for their biggest clients. Web sites and e-mail are central to the brand of any company and have to be protected, he says.

"I don’t find anyone casual on trust," McNerney says. "The small guy operating on the Web with his commerce site is just as passionate about security as the big guys."


Digg This


%d bloggers like this: