Monday, December 19, 2011

Microsoft Security Newsletter – December 2011


NOTE FROM THE EDITOR

Tim Rains Welcome to the last Security Newsletter of 2011!

The theme of this month's newsletter is Cloud Computing. Last month I attended the second annual Cloud Security Alliance Congress in Orlando, Florida. The Cloud Security Alliance has emerged as a leading industry authority focused on promoting the use of best practices for providing security assurance within cloud computing, and providing education on the uses of cloud computing. I learned a lot about Cloud security at the event and share some of what I learned in this recent blog post on the Trustworthy Computing blog.

We have released some new videos focused on topics related to Cloud security, privacy and reliability called the Cloud Fundamentals Video Series, hosted by yours truly. If you are interested in learning about topics like compliance, standards, service level agreements, and risk management, as they related to cloud computing, these short videos should be helpful.

In addition to all the great cloud computing content in this month's newsletter, check out this site dedicated to private cloud architectural resources called the Private Cloud Solution Hub.

Talk to you in 2012!

Best regards,
Tim Rains, Director, Product Management, Microsoft Trustworthy Computing


December 2011 Edition

IN THIS ISSUE

Top Stories
Security Guidance
Community/MVP Update
The Business of Security
Cloud Security Corner
This Month's Security Bulletins
Microsoft Product Lifecycle Information
Security Events and Training
Upcoming Security Webcasts

Follow the Microsoft Security Response team on Twitter @MSFTSecResponse for the latest information on the threat landscape.


Microsoft Office 365 Cloud-Based Productivity Service Now Helps Customers Comply with HIPAA Privacy and Security Standards
With reimbursements falling and medical loss ratio minimums rising, hospitals, physicians, and health plans are under unprecedented pressure to drive down operating costs while still improving the quality and safety of patient care. Explore how Microsoft is helping remove that barrier by embedding privacy and security capabilities in Office 365 so that Office 365 is now a cloud-based platform that complies with leading information privacy and security standards for customers operating in the United States and European Union.

Patterns & Practices: Cloud Security Approach in a Nutshell
See how Microsoft is building on experience to secure its own cloud developments and utilizing an approach that simplifies and improves security by chunking up security in a way that helps leverage proven practices, while sharing information around emerging practices.


Cloud Computing: Cloud Security Concerns
While maintaining appropriate data security continues to be a prevailing concern, a cloud computing infrastructure can actually increase your overall security. Learn how then explore specific concerns around virtual cloud security in the follow-up article.

Cloud Security Overview
Moving to a cloud-based platform requires a change in mindset for IT security professionals. Explore key security considerations for the cloud, the differences between the public and private cloud, and why the ideal solution is often an in-house private cloud solution that exists entirely behind the firewall and hybrid clouds, but which combines private cloud systems with Internet-based (public or private cloud) services.

Cloud Security: Safely Sharing IT Solutions
Find out how you can share IT solutions between the fixed cost of local resources and the variable cost of cloud resources without losing control of access to enterprise assets.

Identity and Access Management in the Cloud
Identity and access management (IAM) refers to the processes, technologies, and policies for managing digital identities and controlling how identities can be used to access resources. Explore why identity management in a cloud system requires a complex collection of technologies to manage authentication, authorization and access control across distributed environments.

Security Considerations for Infrastructure as a Service (IaaS)
Gain a better understanding of common concerns and scenarios around security for and public cloud and private cloud Infrastructure as a Service (IaaS) solutions. From network security to storage and data, this article provides a number of insights that can help you implement a better, more secure IaaS.

Managing the Cloud with Windows Intune
Learn how the cloud-based PC management solution Windows Intune can help you keep your organization's PCs secure, updated and manageable, no matter where they are located. This article provides detail on each workspace in Windows Intune and the benefits it provides as well as background information on the technical architecture. Want more technical information on Windows Intune?
Understanding Security Account Management in Windows Azure
Find out why, although cloud computing relieves some of the security burden, you still have an active role in managing access, securing communications, and ensuring data protection.

Crypto Services and Data Security in Windows Azure
Get an introduction to some of the basic concepts of cryptography and related security considerations with Windows Azure including key storage and persistence, immutability, and message queues.


MVP Article of the Month: Designing a Cloud-Based Mobile Application for Compliance
By Dan Griffin, Microsoft MVP - Enterprise Security
For rapid development and deployment of a mobile application using federated authentication, the cloud is often the fastest and most cost-effective option available. Using real-world scenarios, this article analyzes how a solution can be deployed securely and successfully to the cloud while still complying with industry security standards and requirements.


Enhancing Your Business and Career with the Private Cloud

This exciting track from Microsoft Virtual Academy focuses on how the private cloud can help your business and your career as an IT professional. Learn about cloud business drivers and business processes, get some business and technical fundamentals, learn how to extend your private cloud to the outside world so that your "hybrid" cloud can benefit both you and your business. This track currently comprises three distinct, 200-level modules:
  • Achieving Success with Cloud Computing
  • Building Your Career On The Private Cloud
  • Extending Your Private Cloud to the Outside World

Introduction to the Cloud: Fundamentals
This introduction video is the first in a series of videos focused on sharing some of the things Microsoft is learning from its customers around cloud security, privacy and reliability. Get insights from some of Microsoft's senior leaders responsible for managing Microsoft's cloud service offerings.

TechNet Wiki Spotlight: How to Create and Configure a Private Cloud in System Center Virtual Machine Manager 2012 - Part 1
Learn how to use System Center Virtual Machine Manager 2012 to create, configure, and manage a private cloud infrastructure then move on to delegate control in part two of this TechNet Wiki article.


Critical:
Important: Security Bulletin Overview for December 2011
SECURITY PROGRAM GUIDE

Microsoft SDL - Developer Starter Kit
Security Awareness Materials
Learn Security On the Job
SECURITY BLOGS

Trustworthy Computing Security/Privacy Blogs RSS
Microsoft Security Blog RSS
MSRC Blog RSS
ACE Team RSS
Windows Security RSS
Forefront Team RSS
Solution Accelerators - Security & Compliance RSS
Security Vulnerability Research & Defense RSS
Security Development Lifecycle (SDL) RSS
UPCOMING CHATS

View a listing of upcoming technical chats
COMMUNITY WEBSITES

IT Pro Security Community
ADDITIONAL SECURITY RESOURCES

Security Help and Support for IT Professionals
TechNet Troubleshooting and Support Page
Microsoft Security Glossary
TechNet Security Center
MSDN Security Developer Center
Sign-Up for the Microsoft Security Notification Service
Security Bulletin Search Page
Microsoft Security Center
Home Users: Protect Your PC
MCSE/MCSA: Security Certifications
Subscribe to TechNet
Register for TechNet Flash IT Newsletter

Windows XP End of Support: April 8, 2014
On April 8, 2014, security patches and hotfixes for all versions of Windows XP will no longer be available. This means that, after this date, PCs running Windows XP will be vulnerable to security threats. In addition, many third party software providers are not planning to extend support for their applications running on Windows XP, which translates to even more complexity, risk, and ultimately, added management cost for your IT department if you are still managing Windows XP environments. Explore your options with this blog post from the Springboard Series and download the Windows XP End Of Support Countdown Gadget to help remind you about this important milestone.

Find information about your particular products on the Microsoft Product Lifecycle Web site.

Microsoft Virtual Academy: Planning, Building and Managing a Private Cloud

Learn to better understand, plan for, and manage Microsoft private cloud offerings. This track begins with an introduction of Microsoft's vision for private cloud computing then provides details on how to plan a successful private cloud project. The final module will focus on implementation using a hands-on view of how Microsoft System Center Management tools help manage a private cloud, plus an in-depth discussion on how to implement these tools. There will also be demonstrations of System Center Virtual Machine Manager (VMM), Opalis, and Avicode.

Microsoft Virtual Academy: Windows Azure Security Overview

Learn the essentials of Windows Azure Security by covering the security protection included at every layer. This track covers the security mechanisms included with Windows Azure at the physical, network, host, application, and data layers. Furthermore, you'll walk away with a basic understanding of some of the identity options you have to authenticate to Windows Azure.


For IT Professionals
For Decision Makers
Now on Demand
  • TechNet Webcast: A Tale of Two Clouds: The Microsoft Hybrid Cloud Solution (Level 200)
    Using a public cloud has too many security concerns for some companies; small companies may be too small for a private cloud. A hybrid cloud solution takes the best advantage of the cloud and still gives you control. This webcast discusses preparing for a hybrid cloud solution starting with server virtualization and always with security considerations in mind.

This is a monthly newsletter for IT professionals and developers—bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2011 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Microsoft respects your privacy. To learn more please read our online Privacy Statement.

If you would prefer to no longer receive this newsletter, please click here.
To set your contact preferences for other Microsoft communications click here.

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA



2011 Microsoft Corporation Sign up for this newsletter | Update your profile | Terms of Use | Trademarks

Your cOmment"s Here! Hover Your cUrsOr to leave a cOmment.


Subscribe to: Post Comments (Atom)