Microsoft shares about cloud computing and network security

September 30, 2014 | 14:20
(0) user say
As the guest speaker today at AmCham’s Global Leaders Luncheon co-hosted with Microsoft and Vietnam Chamber of Commerce and Industry at Sheraton Hanoi Hotel, executive vice president, general counsel of Microsoft Corporation Brad Smith shared with VIR about Microsoft cloud computing and services, focusing on security policy and network security.


Brad Smith

How does Microsoft ensure that data is safe on the cloud?

Microsoft cloud services are designed, developed, and are operated to help ensure customer data is secure.

Microsoft is committed to delivering trustworthy cloud services, and is in a unique position to do so based on its experience, investments, partnerships in the industry and history of commitment over the past 10-plus years toward the creation and delivery of secure, private, and reliable computing experiences.

To help protect against Internet-based security threats and continuously asses and enhance the security of Microsoft services, Microsoft utilises Operational Security Assurance (OSA). OSA is a framework that incorporates the knowledge gained through a variety of capabilities that are unique to Microsoft, and deep awareness of the cybersecurity threat landscape. OSA combines this knowledge with the experience of running hundreds of thousands of servers in data centres around the world that deliver more than 200 online services to more than a billion customers and 20 million businesses in 88 countries.

OSA helps make Microsoft cloud-based services’ infrastructure more resilient to attack by decreasing the amount of time needed to prevent, detect, and respond to real and potential Internet-based security threats, thereby increasing the security of those services for customers.

How does Microsoft help ensure security is built into its products and services?

Cybersecurity and data privacy are engineered into Microsoft products and services from the initial design stage and throughout the development process using the Security Development Lifecycle (SDL) – a holistic and comprehensive software development process for writing more secure and privacy-enhanced code, and enabling more reliable products and services.

How does Microsoft work with governments?

Throughout the history of our company, we have worked with governments to help them build and deploy more secure IT infrastructure and services to protect their citizens and national economies.

We work with governments, businesses, and other industry leaders to help enforce and shape legislative proposals, harmonise laws across jurisdictions, develop responsible business practices, and strengthen self-regulatory mechanisms that lead to greater protections for individuals and their personal information

How closely do you work with the Vietnamese government to gather users’ data?

We do not provide any government with direct and unfettered access to our customers’ data. We only comply with valid legal orders for customer data that are targeted at specific accounts and identifiers, and we only provides the specific data mandated by the relevant legal demand. Our transparency reports demonstrate clearly that only a tiny fraction – fractions of a per cent – of our customers have ever been subject to a government demand related to criminal law or national security.

How should companies address cyber threats?

There are a number of steps that companies can take to instill confidence that customers’ data will be handled securely. First, those managing IT systems must improve their basic security fundamentals to counter the opportunistic threats and make persistent and determined adversaries work harder. This includes migrating to newer, more secure systems, patching vulnerabilities promptly, configuring systems properly (in part through increased automation), educating users about the risks of social engineering, and taking other steps - whether they involve people, processes or technology - to manage risks more effectively than they do today.

The second part of the strategy involves fundamentally altering their security posture to address the persistent and determined adversary. The security strategy deployed for blunting opportunistic threats- security strategy focused predominantly on prevention and secondarily on incident response- will not be enough. We must focus on three key areas: prevention, detection, and recovery

Brad Smith leads Microsoft Corporation’s Department of Legal and Corporate Affairs, which has approximately 1,100 employees located in 55 countries and is responsible for the company's legal work, its intellectual property portfolio and patent licensing business, and its government affairs and philanthropic work.

Smith has played a leading role within Microsoft and in the IT sector on privacy, immigration, and computer science and STEM education policy issues. He also plays a central role in ensuring that Microsoft fulfills its corporate responsibilities. In recent years Microsoft has consistently ranked in the top 2 per cent of the S&P 500 for corporate governance scores.

Before joining Microsoft in 1993, Smith was a partner at Covington & Burling, having worked in the firm's Washington D.C. and London offices.

In early 2013 Smith was named by the National Law Journal as one of the 100 most influential lawyers in the United States. He has written numerous articles and commentaries regarding international intellectual property and Internet, immigration and education policy issues.

By By Mai Thuy

What the stars mean:

★ Poor ★ ★ Promising ★★★ Good ★★★★ Very good ★★★★★ Exceptional