5 Reasons Why Microsoft Should Be Your Key Cybersecurity Partner

I am bringing here, almost verbatim, the post that my colleagues at the Microsoft Secure Blog have just published, which I find unbeatable:

When you think about cybersecurity, does Microsoft come to mind? Probably not.

Here are 5 reasons why enterprises should consider partnering with Microsoft on cybersecurity:

1. Strong Commitment to Cybersecurity

  • Significant security investments. Microsoft invests over $1 billion annually on security. Microsoft has invested significantly towards building security into our core technologies like Windows, Office, and Azure, and in making strategic acquisitions of security technologies that enhance the investments customers have already made in Microsoft. We operate the Microsoft Cyber Defense Operations Center (CDOC), a 24x7 cybersecurity and defense facility with leading security experts and data scientists that protect, detect, and respond to threats to Microsoft cloud infrastructure, products and devices, and internal resources.
  • Microsoft powered by Microsoft. We use our own hosted cloud and security solutions. Microsoft runs its business on the same multi-tenant cloud services as our customers, including those from highly regulated industries and governments.
  • World class security talent and expertise. Our dedicated engineers, researchers, forensics experts, threat hunters, and data scientists work together to make our products and services better for you. The global incident response team works around the clock to help our customers respond and recover from breaches, and our team of Executive Security Advisors, including former CISOs, leverage extensive real-world experience to partner with customers on planning and implementing sound security programs.

2. Holistic Security Approach

Microsoft takes a three-fold security approach for customers to enable their business digital transformation.

  • A Comprehensive Platform: Microsoft platform looks holistically across all the critical end-points of today's cloud & mobile world. By building security into Microsoft products and services from the start, we can deliver a comprehensive, agile platform to better protect your organization, move faster to detect threats, and respond to security breaches across even the largest of organizations. The platform serves as the framework for protecting enterprise organizations in four ways:
    • Identity and Access Management: protect users' identities and control access to valuable resources based on user risk level
    • Threat Protection: protect against advanced threats and help you recover quickly when attacked
    • Information Protection: help ensure documents and emails are seen only by the people you authorize
    • Security Management: gain visibility and control over your security resources, workflows, and policies, as well as recommendations on improving your security posture
  • Vast Intelligence: Our intelligence, which is built upon a massive amount of security-related signals from the consumer and commercial services that we operate on a global scale, powers Microsoft solutions to enable you to protect, detect, and respond to threats more effectively. Each month we:
    • Scan 400 billion emails across outlook.com and Office 365 for phishing and malware
    • Process 450 billion authentications across all cloud services
    • Execute 18+ billion Bing webpage scans
    • Update 1+ billion Windows devices

Using the tremendous breadth and depth of signal and intelligence from our various on-premises and cloud solutions deployed globally, we investigate threats and vulnerabilities and regularly publish the Microsoft Security Intelligence Report (SIR) to educate enterprise organizations on the current state of threats and recommended best practices and solutions.

  • Broad Partnerships: We're committed to being a leader in this space, but security is not a problem we can address alone. Our commitment is to make sure our products work with technology you already use. Microsoft is fostering a vibrant ecosystem of partners who help us raise the bar across the industry. We also collaborate extensively with customers and industry standards bodies to help us meet specific customer needs and industry regulations.

3. Trust-aligned Corporate Mission

Microsoft's mission is to empower every person and every organization on the planet to achieve more. As our CEO, Satya Nadella, stated, "Businesses and users are going to embrace technology only if they can trust it", and therefore we want to make sure our customers can trust the digital technology that they use, backed with the assurances they need. We've made investments in privacy and control, compliance, and transparency, and especially those features that matter the most to our customers.

For example, for our cloud services, we are committed to: helping you have control over your data, enabling you to comply with applicable laws, regulations (Esquema Nacional de Seguridad, ENS, in the case of Spain) and key international standards, and being transparent with you about the collection and use of your data. Last, but not least, we are committed to safeguarding your data from hackers and unauthorized access using state-of-the-art technology, process and certifications.

To learn more about Microsoft's commitment to security, privacy, compliance, and transparency of our products and services, visit the Microsoft Trust Center at www.microsoft.com/trustcenter.

4. Leadership in Cybersecurity Best Practice Sharing

Microsoft collaborates extensively with governments and organizations around the world in sharing industry standards, providing guidance on cybersecurity best practices, and engaging in protecting critical infrastructure sectors.

For example, even before the launch of the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), Microsoft provided a response to the RFI and subsequently, NIST used our recommendations of focusing on protect, detect, respond, and recover functions in the NIST CSF. Microsoft's deep engagement with the Framework has allowed us to be agile in adopting it for our enterprise risk-management program, to inform and influence our security risk practices. It is also a key component in how we track security assurance and communicate about security maturity.

Additionally, the Microsoft Security Development Lifecycle (SDL), established as a mandatory policy in 2004, has been designed as an integral part of the software development process at Microsoft. Combining a holistic and practical approach, the SDL introduces security and privacy early and throughout all phases of the development process. The industry has accepted practices aligned with the SDL, and we continue to adapt it to new technologies and changes in the threat landscape. Microsoft has developed guidance papers, tools, training and resources to help organizations understand and adopt the SDL.

We are committed to disseminating such best practices (NIST CSF, SDL, etc.) internationally also.

5. Deep Customer Interaction

The Enterprise Cybersecurity Group (ECG) inside of Microsoft has been deeply engaging with customers across the globe to educate them on Microsoft's cybersecurity approach and services. To further help customers with their cybersecurity strategies, ECG partnered with a variety of teams (Digital Crimes Unit, Cyber Defense Operations Center, Digital Risk and Security Engineering team, Cloud & Enterprise Security, Windows Security, and others) to launch a cybersecurity executive briefing center (EBC) experience. This invitation-only program is designed to provide an executive-level security experience for our customers' CISOs and their teams.

Key benefits of the EBC experience for customers:

  1. Attendees receive a comprehensive overview of Microsoft's cybersecurity products and services aligned thematically to the Protect, Detect, and Respond framework, a common approach followed by enterprise organizations.
  2. They meet face-to-face with Microsoft security experts and leaders from engineering, product management, threat intelligence, cyber security services, information security and risk management, and more to learn about approaches, ask questions, and provide feedback in real time.
  3. Attendees learn how to improve their cyber security posture and come away with a stronger relationship with Microsoft as a trusted advisor and partner.

To learn about Microsoft's security strategy and solutions, visit: www.microsoft.com/security.