| | | | September 2015 |  | | Microsoft Security Newsletter | | | | | | | | | | Welcome to September's Security Newsletter! | The theme of this month’s newsletter is data security. The CISOs I meet are responsible for protecting their organization’s data whether it’s on-premises, on mobile devices or Internet of Things (IoT) devices, or in the cloud—or traveling anywhere between these points.
It’s interesting to see the different security strategies that different organizations are employing these days. The underlying assumption for some organizations’ security strategy is that since they aren’t managing all the devices that their information workers use, consistently, then all of those devices should be treated as if they are untrusted. These organizations tend to focus on protecting the data and not the devices used to access it – which is a reasonable strategy for some organizations. They leverage desktop and application virtualization technologies, data loss prevention, Rights Management Services, and identity services, and other controls to help them manage the risk to the data.
Other organizations have embraced new mobile device management offerings, like the Microsoft Enterprise Mobility Suite (which includes Microsoft Intune), that enable them to manage a wide range of devices in a consistent and predictable manner. Most of the customers I talk to in this category are also using the layered protections built into Windows 7 and 8.1 to protect data, and plan to leverage all the new and enhanced protections built into Windows 10 such as Enterprise Data Protection, BitLocker, Credential Guard, to name a few. For enterprise customers looking to evaluate these security features in Windows 10, please download the Windows 10 Enterprise Evaluation to try Windows 10 Enterprise free for 90 days.
It’s both a challenging time to be a CISO and a great time to be a CISO because of all the options organizations have to inform and support their security strategies. Please enjoy this month’s newsletter.
 | | Best regards,
Tim Rains, Chief Security Advisor
Cybersecurity & Cloud Strategy, Microsoft |
Want to share this newsletter with a friend or colleague? Click here for the online edition and subscription options.
Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your ideas.
| | |  | | Top Stories |  |  | | | | Cloud Security Controls Series: Encrypting Data at Rest
Learn about some of the controls that are available to help manage the security of data stored and processed in Microsoft’s cloud services, and Microsoft Azure in particular.
Privacy and Windows 10
In today’s connected world, maintaining our privacy is an incredibly important topic. Learn how Windows 10 was designed with straightforward privacy principles in mind.
What Makes a Good Microsoft Defense Bounty Submission?
One of Microsoft’s longstanding strategies toward improving software security continues to involve investing in defensive technologies that make it difficult and costly for attackers to exploit vulnerabilities. To cast a wider net for defensive ideas, Microsoft awarded the BlueHat Prize in 2012 and subsequently started the ongoing Microsoft Defense Bounty in June, 2013 which has offered up to $50,000 USD for novel defensive solutions. Last month, we announced that we will now award up to $100,000 USD for qualifying Microsoft Defense Bounty submissions. Learn how Microsoft evaluates defensive solutions and the characteristics that we look for in a good defense.
| | | | | Security Guidance | | | | Security Tip of the Month: Implement a Data-Driven Computer Security Defense
By Roger A. Grimes, Microsoft IT Information Security and Risk Management
In today’s environment, information security executives face a challenge of protecting company assets by optimally aligning defenses with an ever increasing number of threats and risks. Often, organizations have considerable investments in protection without using a risk-based approach to prioritizing investments. This approach leads to ineffective security controls and an inefficient use of resources. Information security organizations collect a tremendous amount of data about IT environments. For some organizations, activities occurring on those IT infrastructures exceed more than ten billion events on a daily basis. In other words, considerable information is available about the environments we manage and it’s that data that can help us make informed decisions.
In support of these challenges, considerable improvement in rigor and process is necessary to inform and make better business decisions. Drawing upon hundreds of engagements with Microsoft clients, as well as internal security operations, this guide outlines a framework for dramatically improving operational security posture. The framework utilizes a data-driven approach to optimize investment allocation for security defenses and significantly improve the management of risk for an organization.
Enabling Data Protection in Microsoft Azure
Find out how to control your data in Microsoft Azure through advanced technologies to encrypt, control and audit access, separate, and dispose of data according to your business needs. This video provides an overview of these technologies with a focus on encryption of data.
Client-Side Encryption and Azure Key Vault for Microsoft Azure Storage
The Azure Storage Client Library for .NET supports encrypting data within client applications before uploading to Azure Storage, and decrypting data while downloading to the client. The library also supports integration with Azure Key Vault for storage account key management. Explore these methods and learn about encryption and decryption via the envelope technique.
Transparent Data Encryption
Transparent Data Encryption (TDE) encrypts SQL Server and Azure SQL Database data files, known as encrypting data at rest. Learn how to use TDE including commands and functions, catalog views and dynamic management views, permissions, and other considerations.
Extensible Key Management (EKM)
While not available in every edition of SQL Server, Extensible Key Management (EKM) enables third-party EKM/HSM vendors to register their modules in SQL Server so that users can use the encryption keys stored on EKM modules. Find out how this enables SQL Server to access the advanced encryption features these modules support such as bulk encryption and decryption, and key management functions such as key aging and key rotation.
SQL Server Backup Encryption
Starting in SQL Server 2014, SQL Server has the ability to encrypt the data while creating a backup. Explore usage scenarios, benefits, and recommended practices for encrypting during backup.
Encryption Controls in Office 365: Across Devices and Platforms
Whether it is at rest or in transit, Office 365 protects your data using a variety of encryption mechanisms. In addition to what's baked into the platform, you have several options for customer-controlled encryption features to meet the business needs of your organization. Learn about the different types of encryption technologies in Office 365 that you can use and how they work seamlessly across devices and platforms. This video talks about Information Rights Management (IRM) with RMS, S/MIME, and Office 365 Message Encryption and how these encryption technologies help keep your data safe and secure.
BitLocker in Windows 10
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. Find out what’s new in BitLocker in Windows 10, then find answers to frequently asked questions, planning tips, deployment guidance and much more.
| | | | | Community Update | | | | Database Engine Security Checklist: Database Engine Security Configuration
Get a quick list of key security configuration options for the SQL Server Database Engine. Use this checklist to periodically audit your Database Engine environment. These recommended settings should be adjusted based on your security and business needs.
| | | | | This Month's Security Bulletins | | | | | | September 2015 Security Bulletins
| | | September 2015 Security Bulletin Resources:
| | | | | Security Events and Training | | | | | | Azure, The Trusted Cloud
Thursday, October 1, 2015 – 10:00 AM Pacific Time
Microsoft understands that for you to realize the benefits of the cloud, you must be willing to entrust your cloud provider with one of your most valuable assets—your data. Learn how Microsoft’s long experience running online services has involved extensive investment in foundational technology that builds security and privacy into the development process.
Security, Compliance and IRM in Office 365
Thursday, October 15, 2015 – 11:00 AM Central Time
Explore the different regulations to which Office 365 and, more specifically, SharePoint Online and OD4B are compliant. You’ll also find out what IRM means and how you can utilize it to secure your cloud data.
TechNet Virtual Lab: Exploring Row Level Security
On demand
This hands on lab will familiarize you with the new Row Level Security (RLS) in SQL Server 2016, which allows you to store data for different customers, departments, or tenants in the same table, while restricting access to rows based on a query’s execution context.
TechNet Virtual Lab: On-Prem and Cloud App and Data Protection with Azure RMS
On demand
Learn how to protect files from unauthorized access by using Microsoft Azure Rights Management, the Microsoft Rights Management connector, the Rights Management sharing app, and Microsoft Office 2013. These technologies help protect data on devices that are domain-joined or standalone regardless of whether they are owned by the organization or a user.
TechNet Virtual Lab: Protecting Your Data with System Center 2012 R2 Data Protection Manager
On demand
In this introductory lab, you will learn how to use the Data Protection Manager console to protect and recover data. You will learn how to allocate local storage, configure protection for files and SQL Server databases, create recovery points, and recover data. You will also learn how to recover a database to a SQL Server cluster.
| | | | | | | | | | | | | | | | | technet.microsoft.com/security | | | | | | | | | This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
© 2015 Microsoft Corporation Terms of Use | Trademarks
Microsoft respects your privacy. To learn more please read our online Privacy Statement.
If you would prefer not to receive the Microsoft Security Newsletter from Microsoft and its family of companies please click here. These settings will not affect any other newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services.
To set your contact preferences for other Microsoft communications click here.
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052 USA | | | | | | | | |
