Monday, October 19, 2009

Microsoft Security Newsletter - Volume 6, Issue 10

Microsoft Security Newsletter
This is a monthly newsletter for IT professionals and developers—bringing security news, guidance, updates, and community resources directly to your inbox. To view an online version of this newsletter, click here or subscribe to the Featured Security and Privacy Content RSS feed to receive more frequent updates on news and featured resources. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
Note from the Editor
Kai Axford  
I'm a geek. To me, waiting these next few days for the launch of Windows 7 is like waiting for Christmas. The anticipation is almost unbearable. You see all the gifts that sit underneath the Christmas tree, but you can't open them until Christmas morning! You know it is going to be good. You've seen Kylie on TV telling you that "More Happy is Coming" … and trust me, it is. (Personally, I wish Kylie had gone into the finer points of how BitLocker To Go works on older Windows XP machines, but I digress.) You know that once we fire up the Microsoft marketing engine, everyone on the planet will have heard about Windows 7 by October 22.

What I'd like to talk about this month is something that will probably not get as much focus as the "gigantic enormous worldwide Windows launch event to beat all launch events!" No, I'm not going to spend a long time discussing the security features in Windows 7. I would love to do so, but space prevents me. Instead, I want you to understand one of the "less shiny" processes that make this a terrific operating system and that, if used properly, can help your organization as well. It's a little thing called the Microsoft Security Development Lifecycle (SDL). Microsoft has been talking to developers about this for years, and they understand the importance, but the business owners didn't give them the time to do it right. Now we're starting to see where the SDL makes sense to the decision makers as well. Want proof? Check out the Microsoft SDL: Return On Investment white paper and give these guys the time and resources to code securely! The SDL team also released some great new tools that they'll share with us in this month's Security Tip of the Month, "Using BinScope Binary Analyzer to Improve Code Security." Good stuff!

Before you leave me, let me just say to my IT folks: now is the time to make the move off of Windows XP. In the past, we've had what I called the "WinXP chasm"—you wanted to move to a more secure operating system, but application compatibility kept you locked in place. After all, the business must justify the means. Windows 7 is the solution to all of that. Better drivers (many are already available) and the ability to run Windows XP in a virtual machine called Windows XP Mode on Windows 7 really help tear down those barriers. It just works.

So get to that "gigantic enormous worldwide Windows launch," check out the features, and start the migration. After all, "more happy" is just a few days away.

See you at the launch party!

Kai Axford, MBA, CISSP, MCSE
Sr. Security Strategist, Microsoft Trustworthy Computing (TwC)
http://blogs.technet.com/kaiaxford

Top Stories
By building on the same security principles used to manage risks to Microsoft software development and operating environments, the Online Services Security and Compliance (OSSC) team at Microsoft has created an online Information Security Program—one that results in continuous improvements to security for the Microsoft cloud computing environment. Find out what cloud computing at Microsoft means today.
Learn about the U.S. Government's vision for cloud computing, beginning with Apps.gov, an online marketplace where federal agencies can find and purchase cloud-based IT services.
Learn how to meet Payment Card Industry Data Security Standard (PCI DSS) requirements using standard Microsoft products and technologies.

Security Guidance
This Microsoft verification tool analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft Security Development Lifecycle (SDL) requirements and recommendations.
MiniFuzz is a simple fuzzer designed to ease adoption of fuzz testing by nonsecurity people who are unfamiliar with file fuzzing tools or have never used them in their current software development processes.
As software becomes more vulnerable to attacks, it is important that your team is equipped with tools that effectively help them write more secure code. Learn how to use BinScope to quickly and easily verify that your code complies with the requirements of the Microsoft SDL.
Take a tour of the capabilities of the Microsoft cloud platform by building and running a simple service using the platform SDK. This demo-heavy video highlights some of the features of the platform including service management, storage, and an integrated developer experience.
Windows Azure Storage provides durable, scalable, available, secure, and performance-efficient storage services for the cloud, and it does this through familiar and easy-to-use programming interfaces. Windows Azure Blob provides a simple interface for storing named files along with metadata for a file. Learn about the Windows Azure Blob programming interface and the advanced blob concepts.
Get familiar with the encryption algorithms and practices used to create cryptographic schemes for your cloud applications. Learn more about symmetric and asymmetric encryption algorithms, the SHA256 hash encryption algorithms, and how to implement these in a simple application.
This comprehensive set of technical content includes hands-on labs, presentations, and demos designed to help you learn how to use and develop for the Windows Azure platform including Windows Azure, SQL Azure, and .NET Services.
Explore ways to secure the .NET Services Bus and learn about helper classes and utilities to automate many of the details.

This Month's Security Bulletins
Critical:
Important:
Security Bulletin Overview for October 2009

The Business of Security
By Andreas Wuchner, IT Manager and Risk, Compliance, and Security Professional, Deutsche Bank
In today's IT security market, more and more people are fighting for the same positions. What skills are companies looking for? How can you improve your chances and set yourself apart? From certification to communication skills, IT Manager Andreas Wuchner shares the insight he has gained from over a decade of hiring IT security and risk professionals.

Coming soon...
Is there a topic you would like to see us discuss? Send us an e-mail message at secaware@microsoft.com.

Microsoft Product Lifecycle Information
Find information about your particular products on the Microsoft Product Lifecycle Web site.
See a list of supported service packs: Microsoft provides free software updates for security and nonsecurity issues for all supported service packs.

Security Events and Training
Security in the cloud must marry the capabilities of the outward-looking Web (reach, customer interaction) with the inward-looking requirements (data retention, security, employee productivity) of an organization. Use this learning path to find out how to flexibly deploy an application on-premises or in the cloud, or both, and learn what you can do to help the business attain its goals of flexibility, usability, and security.
Learn about Windows 7 core platform security improvements at the free, live event "The New Efficiency," with sessions and demonstrations on secure messaging, secure collaboration, information protection, and identity and access management.

Upcoming Security Webcasts
Use this dynamic, interactive format to find upcoming security webcasts.
For IT Professionals
TechNet Webcast: Microsoft Secure Messaging Solution (Level 200)
Thursday, November 5, 1:00 PM Pacific Time
TechNet Webcast: Microsoft Secure Endpoint Solution (Level 200)
Tuesday, November 10, 12:00 PM Pacific Time
For Developers
Now On Demand
TechNet Webcast: Securing Virtual Environments (Level 300)
Learn how to keep offline virtualized servers up to date and safe from attack.

Security Program Guide
Microsoft SDL – Developer Starter Kit
Security Awareness Materials
Learn Security on the Job
Learning Paths for Security – Microsoft Training References and Resources
Upcoming Chats
View a listing of upcoming technical chats
Security Blogs
Trustworthy Computing Security/Privacy Blogs RSS
Michael Howard RSS
Eric Lippert RSS
Eric Fitzgerald RSS
MSRC Blog RSS
ACE Team RSS
Windows Security RSS
Solution Accelerators - Security & Compliance RSS
Kai Axford RSS
Security Vulnerability Research & Defense RSS
Security Development Lifecycle (SDL) RSS
Security Newsgroups
General Security issues/questions
Virus issues/questions
ISA Server
Windows Vista: Security
SQL Server: Security
Windows Server: Security
Community Web Sites
IT Pro Security Community
Additional Security Resources
Security Help and Support for IT Professionals
TechNet Troubleshooting and Support Page
Microsoft Security Glossary
Security TechCenter
MSDN Security Developer Center
Sign-Up for the Microsoft Security Notification Service
Security Bulletin Search Page
Home Users: Protect Your PC
MCSE/MCSA: Security Certifications
Subscribe to TechNet
Register for TechNet Flash IT Newsletter
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Azure, BitLocker, BitLocker To Go, MSDN, SQL Server, Windows, Windows Media, Windows Server, and Zune are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
