
RSA 2015 – Microsoft Key Announcements in Security

 

The US RSA conference is probably the world’s leading security conference with about 30’000 participants and took place last week in San Francisco. Scott Charney, Microsoft’s CVP Trustworthy Computing, gave a noteworthy keynote on Enhancing Cloud Trust that can be watched here. It is well worth the time.

The announcements made by us and the presence that Microsoft had at the conference were impressive. The main theme was very clearly that we truly live in a mobile first, cloud first world and that with the explosion of devices and apps come new challenges. Security has been a top priority for Microsoft for a long time already and Microsoft is committed to providing customers with transparency and control over their data in the cloud. Here are the highlights that we announced:

  • New Security & Compliance signals and activity log APIs so that customers can access enhanced activity logs of user, admin and policy related actions through the new Office365 Management Activity API.
  • New Customer Lockbox for O365 that brings the customer into the approval workflow if one of our service engineers has to troubleshoot an issue that requires elevated access. With the Customer Lockbox the customer has the control to approve or reject that request.
  • Device Guard is the evolution of our malware protection offering for Windows 10 and brings a new capability to completely lock down the Windows desktop such that it is incapable of running anything other than trusted apps on the machine.
  • Increasing levels of encryption where O365 will implement content-level encryption for e-mail in addition to the BitLocker encryption we offer today (similar to OneDrive for Business’ per-file encryption). In addition we expect to enable customers to require Microsoft to use customer-generated and customer-controlled encryption keys to encrypt their content at rest.
  • Microsoft Passport is a new two-factor authentication designed to help consumers and businesses securely log in to applications, enterprise content and online experiences without a password.
  • Windows Hello, which allows Microsoft Passport to be unlocked using biometric sensors on devices that support them (most notably iris and face unlock in addition to fingerprint).
  • Azure Key Vault which helps customers safeguard and control keys and secrets using FIPS 140-2 Level 2 certified Hardware Security Modules in the cloud with ease and at cloud scale and provides enhanced data protection and compliance and control.
  • New Virtual appliances in Azure where we work with industry leaders to enable a variety of appliances so that customers have greater flexibility in building applications and enabling among others network security appliances in Azure.
  • Enterprise Mobility where we have the Enterprise Mobility Suite (EMS) bringing customers enterprise-grade cloud identity and access management, mobile device management and mobile app management and data protection (Reto’s comment: not new but worth calling out, having grown our install base by 6x just in the last year).

More information can be found on Scott Charney’s blog on “Enabling greater transparency and control”, which also has further links to more detailed information on the individual technologies mentioned above.

Windows 8 – why it matters for business

I have heard a couple of times from enterprises that Windows 8 looks great but that it is a consumer product and that adoption in the enterprise does not seem to bring an obvious advantage as most users work on a laptop and desktop and don’t need a metro surface. While I understand this initial reaction I see a large benefit for business to use Windows 8.

The way people work has changed and more work is done mobile. Until now the challenge was to still have the reliability, productivity and security a business needs. This is one of the strong advantages of Windows 8. It integrates seamlessly into the IT infrastructure and provides enterprise class security. And this even in multiple ways. Windows 8 provides an innovative and fun way to work on a slate or tablet in addition to more traditional laptops and desktop PCs. In addition there is the possibility to have Windows 8 on a USB stick with Windows To Go – a fully managed corporate Windows 8 desktop. Travelling light has never been that easy.

Picking some elements to talk about is not easy as the new functionalities are significant but looking at today’s cybersecurity threats I very much like the improvements that were made with the secure foundation. Trusted Boot is a key element. It validates the integrity of the entire boot process – from hardware, boot loader, kernel, boot-related system files to drivers. With antimalware loaded before all non-critical Windows components we achieve a better protection from rootkits. This in combination with Measured Boot Process, BitLocker Drive Encryption, AppLocker, and claim-based access control delivers end-to-end security like never before.

This is only a short overview of some of the Windows 8 features for business. A deeper and broader description was posted today in the Windows Team Blog here. It is worth reading.

Also check out the short video for an overview of some central aspects of Windows 8:

 

 

Beta for next version of Windows Intune

A while ago I wrote about how small and medium businesses have become the new primary target for cybercrime, and in a second post about how to secure your PC. Today I want to combine the two and share some thoughts on how the cloud helps today in securing your desktops.

When this blog goes live, Microsoft will have announced the beta of the next release of Windows Intune. More information on that is available on the Windows for your Business Blog. In short, the next release of Windows Intune has features specifically requested by partners to better serve their customers. This release is in response to the need for the ability to distribute software – with this beta, administrators can deploy updates or software to PCs that can be located virtually anywhere without server infrastructure or physically touching each PC to install the software or update.

Intune shows the trend to move security capabilities into the cloud. Having central administration used to involve a fair amount of resources and was felt to be beyond the possibilities of many small and medium businesses. Not any more. With solutions like Windows Intune every business – as small as it might be – can centrally administer the PCs, patch and update them, install software, check the health of the virus scanners, etc. from an easy web-based interface. You pay for as many PCs as you are administering. Not more – not less. In addition to significantly increasing the security of the network it might also save money and reduce the dependence on external IT support if you have outsourced the administration of your endpoints so far.

With this we see another answer to the question of whether the cloud is safe and whether security is possible in the cloud. It is a great example of security being made possible by the cloud, reducing the investment needed to provide security services. A development I like a lot.

Fighting malicious software – congratulations SWITCH


SWITCH, the internet registrar for the .ch and the .li domain and also a service provider for Swiss universities and a CERT, has been blocking Swiss websites if they are spreading malicious software and infecting computers of the internet users accessing them. They released a statistic today showing that they have cleaned more than 700 websites since the end of November 2010. This comes to an average of about 150 websites per month although, as they started the process slowly, the average might not represent the actual work completely.

I am happy to hear about this success of SWITCH making internet users safer by disabling malware disseminating sites. If one takes the relatively small number of .ch and .li domains and looks at how many domains exist worldwide, the amount of infected sites is hard to grasp. The process itself is pretty straightforward. Once an infected site is known, the holder of the manipulated website is contacted. SWITCH describes the process as follows: “After receiving notification, holders and operators have one working day to clean up the website. If this deadline elapses without a cleanup, SWITCH temporarily blocks the domain in question to protect visitors to the website and informs the Reporting and Analysis Centre for Information Assurance – MELANI. As soon as the problem has been solved, SWITCH reactivates the domain. Combating malware in this way is proving to be effective: in 680 cases, the holders and operators reacted and cleaned up the website within one working day. On 55 occasions, a website was blocked before being cleaned. In 68 cases, it proved impossible to find a definitive solution, because the blocking period permitted by law had expired.”

While the process is clearly not perfect it is definitely a first step and it could be a model for other registrars to adapt. It needs a legal basis and a close cooperation with the government. Maybe this goes in the direction of the need of an internet governance I described earlier? Whatever could be improved – for today it is “congratulations SWITCH”!

Phone 7 update: not NoDo – DO

I was one of the lucky ones that got a message that the Phone 7 update was ready for me to be installed. This being the one that brings copy-paste to my phone (often called NoDo update). Well – NoDo? I would recommend to DO it! The update went smoothly although it took quite a while. The estimate at the beginning was about 23 minutes but ultimately, with backing up the phone and everything that Zune does, it was closer to 45 minutes. For the ones that get nervous during the update when they stare at the Zune screen that doesn’t have any progress indicator – no worries – the indicator is on the phone! And yes – it moves – but it moves slowly. Very very slowly.

So now I am one of the lucky ones that can cut and paste. No big deal you might think but it helps a lot if one uses the phone as a work tool as regularly as I do. That was one of the things that bothered me when I traded my iPhone for the Windows Phone 7 on my first day working at Microsoft. And I never really looked back. While there are still some features missing that would make it even better I am very happy about the underlying (security) architecture and it doesn’t surprise me that the phone was left undefeated in a hacking competition (together with Android) while the iPhone and RIM were compromised. Looking at the roadmap of the phone we will see some very exciting things coming! Some of them were already announced like the multitasking and the IE9 integration and others are coming later so stay tuned. And with that Gartner might be not far off with their prognosis that by 2015 Windows Phone will have overtaken iPhone and RIM and be the second most used phone OS behind Android.

One word for the people that are tempted to update the phone before the release is available for your phone. There are multiple reports on possibilities to force the update but the most common is probably the tool that Chris Walshie developed. The problem is – do you really know what is being installed on your phone? Pocket PC described the process that the tool is downloading a “compromised” file. Well do I want to trust that the compromised file is really not doing anything that it shouldn’t do? What code is landing on my phone that might circumvent some safety features? I am not saying Chris inserted something on purpose but how long will it take that these Chevron.WP7Updater files are easily downloaded from P2P networks and dubious websites and how certain are you that they only contain what they should contain? I for my part don’t want to find out and recommend to think about it, have some patience (I know – also not my strongest suit and I get the temptation very well) and run the update once it is pushed to your phone. In the meantime – check out the Windows Phone blog for more information.

Microsoft Kinect makes Google’s April 1st joke look old

Some of you might have looked at Google’s April 1st joke on controlling mail as a funny joke but while their technology didn’t work (hence the joke) some researchers at the University of Southern California (USC) took it and implemented the joke using Microsoft’s Kinect. The result is pretty amazing (check out the video below). It shows how easily the cool Kinect technology can be adapted and while this specific application is pretty silly, Kinect can be applied to more serious business needs and support security related applications. I hope that the Flexible Action and Articulated Skeleton Toolkit (FAAST) used by USC will bring us many more fun and useful applications based on Kinect.

 

About the Author

Reto is partner at PwC Switzerland. He is leading the Cybersecurity practice and is member of PwC Digital Services leadership Team. He has over 15 years work experience in an information security and risk focused IT environment. Prior to working at PwC he was Microsoft's Chief Security Officer for Western Europe and also has work experience as group CIO, Chief Risk Officer, Technical Director and Program Manager.
