From Lord Time@TIME to All on Wed Sep 30 14:59:05 2015
Microsoft Security Newsletter - September 2015
Microsoft Security Newsletter
Welcome to September's Security Newsletter!
The theme of this month's newsletter is data security. The CISOs I meet are responsible for protecting their organization's data whether it's on-premises, on mobile devices or Internet of Things (IoT) devices, or in the cloud—or traveling anywhere between these points.
It's interesting to see the different security strategies that different organizations are employing these days. The underlying assumption for some organizations' security strategy is that since they aren't managing all the devices that their information workers use, consistently, then all of those devices should be treated as if they are untrusted. These organizations tend to focus on protecting the data and not the devices used to access it - which is a reasonable strategy for some organizations. They leverage
http://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/ Microsoft Intune ), that enable them to manage a wide range of devices in a consistent and predictable manner. Most of the customers I talk to in this category are also using the layered protections built into Windows 7 and 8.1 to protect data, and plan to leverage all the new and enhanced protections built into Windows 10 such as
It's both a challenging time to be a CISO and a great time to be a CISO because of all the options organizations have to inform and support their security strategies. Please enjoy this month's newsletter.
What Makes a Good Microsoft Defense Bounty Submission?
One of Microsoft's longstanding strategies toward improving software security continues to involve investing in defensive technologies that make it difficult and costly for attackers to exploit vulnerabilities. To cast a wider net for defensive ideas, Microsoft awarded the BlueHat Prize in 2012 and subsequently started the ongoing Microsoft Defense Bounty in June, 2013 which has offered up to $50,000 USD for novel defensive solutions. Last month, we announced that we will now award up to $100,000 USD for qualifying Microsoft Defense Bounty submissions. Learn how Microsoft evaluates defensive solutions and the characteristics that we look for in a good defense.
In today's environment, information security executives face a challenge of protecting company assets by optimally aligning defenses with an ever increasing number of threats and risks. Often, organizations have considerable investments in protection without using a risk-based approach to prioritizing investments. This approach leads to ineffective security controls and an inefficient use of resources.Information security organizations collect a tremendous amount of data about IT environments.For some organizations, activities occurring on those IT infrastructures exceed more than ten billion events on a daily basis. In other words, considerable information is available about the environments we manage and it's that data that can help us make informed decisions.
In support of these challenges, considerable improvement in rigor and process is necessary to inform and make better business decisions. Drawing upon hundreds of engagements with Microsoft clients, as well as internal security operations, https://technet.microsoft.com/security/mt587084.aspx
this guide outlines a framework for dramatically improving operational security posture. The framework utilizes a data-driven approach to optimize investment allocation for security defenses and significantly improve the management of risk for an organization.
Find out how to control your data in Microsoft Azure through advanced technologies to encrypt, control and audit access, separate, and dispose of data according to your business needs. This video provides an overview of these technologies with a focus on encryption of data.
Client-Side Encryption and Azure Key Vault for Microsoft Azure Storage
The Azure Storage Client Library for .NET supports encrypting data within client applications before uploading to Azure Storage, and decrypting data while downloading to the client. The library also supports integration with Azure Key Vault for storage account key management. Explore these methods and learn about encryption and decryption via the envelope technique.
Transparent Data Encryption (TDE) encrypts SQL Server and Azure SQL Database data files, known as encrypting data at rest. Learn how to use TDE including commands and functions, catalog views and dynamic management views, permissions, and other considerations.
While not available in every edition of SQL Server, Extensible Key Management (EKM) enables third-party EKM/HSM vendors to register their modules in SQL Server so that users can use the encryption keys stored on EKM modules. Find out how this enables SQL Server to access the advanced encryption features these modules support such as bulk encryption and decryption, and key management functions such as key aging and key rotation.
Whether it is at rest or in transit, Office 365 protects your data using a variety of encryption mechanisms. In addition to what's baked into the platform, you have several options for customer-controlled encryption features to meet the business needs of your organization. Learn about the different types of encryption technologies in Office 365 that you can use and how they work seamlessly across devices and platforms. This video talks about https://technet.microsoft.com/library/dn792011.aspx
Information Rights Management (IRM) with RMS, S/MIME, and
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. Find out
Get a quick list of key security configuration options for the SQL Server Database Engine. Use this checklist to periodically audit your Database Engine environment. These recommended settings should be adjusted based on your security and business needs.
Microsoft understands that for you to realize the benefits of the cloud, you must be willing to entrust your cloud provider with one of your most valuable assets—your data. Learn how Microsoft's long experience running online services has involved extensive investment in foundational technology that builds security and privacy into the development process.
Explore the different regulations to which Office 365 and, more specifically, SharePoint Online and OD4B are compliant. You'll also find out what IRM means and how you can utilize it to secure your cloud data.
This hands on lab will familiarize you with the new Row Level Security (RLS) in SQL Server 2016, which allows you to store data for different customers, departments, or tenants in the same table, while restricting access to rows based on a query's execution context.
Learn how to protect files from unauthorized access by using Microsoft Azure Rights Management, the Microsoft Rights Management connector, the Rights Management sharing app, and Microsoft Office 2013. These technologies help protect data on devices that are domain-joined or standalone regardless of whether they are owned by the organization or a user.
In this introductory lab, you will learn how to use the Data Protection Manager console to protect and recover data. You will learn how to allocate local storage, configure protection for files and SQL Server databases, create recovery points, and recover data. You will also learn how to recover a database to a SQL Server cluster.
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please http://click.email.microsoftemail .com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a0079e5cc587f4d16330b7c3c c8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc84856723b79aad9dc141ac1b2d1f f65f52b32c1ec81a40e05f7b65012608875ea&oneClick=newsletter
click here . These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.
To set your contact preferences for other Microsoft communications http://clic k.email.microsoftemail.com/m_hcp.aspx?qs=0bb7f39debca1b0ad10fb2e924b6311d344a00 79e5cc587f4d16330b7c3cc8e7aa3d48879950d85d33a47e9a9586dfefd285dcac31618dc848567 23b79aad9dc141ac1b2d1ff65f52b32c1ec81a40e05f7b65012608875ea
click here .
One Microsoft Way
Redmond, WA 98052 USA
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games