Office 365

From Inside the Cloud: What does Microsoft do to prepare for emerging security threats to Office 365?

Share on Facebook Share on Twitter Share on Linkedin Share via OneNote Share via Email Print

Chang Kawaguchi is a group engineering manager for security for Office 365, Travis Rhodes is a lead security software engineer for Office 365 and Vijay Kumar is a senior product manager for Office 365.

If you have been following the From Inside the Cloud series, we regularly bring you an insider’s view on how we operate and manage the Office 365 service for security, privacy and compliance directly from the people behind the service.

Recently, there have been a number of cyber security related news articles about vulnerabilities and exploits. If you are wondering if the Cloud increases your data risk, in this week’s episode we focus on the measures that Microsoft has in place to prepare for emerging security threats to Office 365 as well as Microsoft Azure.

As we explain in this short video, we operate under the assumption that no computer system is perfectly secure, so we invest heavily in the “Assume Breach” approach.

Our colleague, Vivek Sharma, in his discussion on whether your data is safe at rest, highlighted the role of the Red and Blue teams as part of our “Assume Breach” approach.

And as core strategists of this approach for Office 365, today’s post focuses further on explaining the role of our Red team, an internal dedicated team of “white hat” hackers from varied industry backgrounds such as broader technology industry, defense and government, who conduct penetration testing on our system.

As a team, we push ourselves to creatively anticipate and simulate attacks from real-world adversaries using Tactics, Techniques and Procedures (TTP) that we know from ongoing research on emerging threats and trends. This then leads to the proactive exploration of vulnerabilities during a phase we call “reconnaissance” followed by “exploitation” where we try to bypass protections that may be in place and then lastly attempts to “access” the data. We in fact offer a number of examples of how we may go about this in this video.

Of course, as we do this there are clear rules of engagement to ensure that as we test the system we do not target customer data, impact service availability or compromise existing in place security.

Further, balancing the Red team is the Blue team whose role it is to monitor activities within the system to detect anomalous behavior and take action. As hard as the Red team is trying to find and exploit vulnerabilities the Blue team is trying to detect, investigate and mitigate security events.

Our red and blue teams work together within engineering to fix and harden the service. You can see and hear more on the Blue team’s work in our next post on Office Blogs, with lead engineer Matt Swann, who takes us behind the scenes of intrusion detection.

The combined efforts of our teams go toward improving detection by evolving our machine learning algorithms for the detection of anomalous activity as well as incident response.

We hope that today’s explanation offers a useful overview of how we prepare and plan for emerging security threats to keep your data safe. You can learn more about the ”Assume Breach” approach that Microsoft Azure and Office 365 utilize by visiting the Red team blog.

Let us know what else you would like us to cover in this series—send us your comments and questions and of course you can find by visiting the Office 365 Trust Center.

 Editor’s Note 11/11/2014
This post was updated to include Microsoft Azure, in addition to Office 365,  as part of the measures in place to prepare for emerging security threats.


Join the conversation

  1. If you would like profit from website design, you should read through this report. You will be provided assistance in this piece to assist you quickly find good results with web page design.

    Ensure your textual content and background has the correct comparison. There’s data showing that white text message over a black color history is quickest for many people to see, but other hues are great as long as they’re legible. jobs for graphic design magazines designers Also take into account that those with visible impairments might struggle to study your web site if the contrast is bad. Find out if your web site complies with assorted distinction standards utilizing the instrument at coding .

    You must in no way go live well before previewing the web page and guaranteeing images load properly and all hyperlinks job. Practically nothing frustrates visitors more than visiting to get a webpage they really want and receiving a mistake webpage rather. You may manually examine links or use a plan that will find shattered links to suit your needs.

    Consist of a good way for people to research your web site content. If individuals going to your blog are seeking some thing specific, one thing they may seek out is a research container. When you don’t have one, they could head to one more web site which does. Ensure that the package is on the appropriate in the hint in the site, which is where most guests will be initially.

    Make sure your site performs both with and without the “www” prefix. Some individuals will type this in prior to they head to your blog as being a pressure of habit, and a few may well not. You should make sure that clients is going to be directed to your blog either way, or you may have some puzzled individuals in your hands.

    Use ALT tag for your personal website. This gives everyone to gain access to the planned information and facts. If you have images which can be links, your ALT tag will tell folks the way the link will act. They can even be read by online search engine spiders to increase your site’s standing.

    Tend not to use blinking, scrolling text message or some other animations. Also, stay away from seems or tunes that has immediately. Every one of these things are distracting to end users and provide absolutely nothing of value. In addition, connection rates range between one internet site guest to the next, and everybody lacks the same rate. These customers with reduced links will resent the slow-moving-packing aspects of your blog.

    Content material is the most important element of your web site. The general layout is usually significant, but it’s even more vital that you use content that helps to keep guests returning for a lot more. As soon as your content material supplies useful and beneficial information that addresses the requirements your web site site visitors, all those site visitors will probably come back to your web site down the road.

    Make sure that your website style is successful on each and every internet browser. Your computer programming may possibly look wonderful in Firefox, but it could be askew in World wide web Explorer. You must figure out the best way points try looking in all internet browsers after which program code in ways that results in your website looking exactly the same on every single preferred web browser.

    Attempt planning for those monitor answers. A basic site might still encourage visitors to stay and study the material. If you liked this write-up and you would certainly such as to get additional facts concerning graphic design forums kindly see our webpage. In case your site doesn’t look nice to get a specific image resolution, the visitor may depart since they cannot look at it. Developing a stretchier layout that fits any screen image resolution lets you know that every website visitors can savor the content.

    Ask your friends and relatives for guidance on how your internet site or websites are building. You would like to check if what you’re making is actually appealing to people whenever they arrive pay a visit to, you don’t desire to make a complete web site that no one is gonna take pleasure in, this may damage your current development.

    If the appearance of your internet site has to be mobile pleasant, understand that mobile phones have small monitors and limited data transfer rate. To make up smaller monitors, you need to style your website as being a single thin column in order that the end user only needs to browse through vertically, instead of each horizontally and up and down. Constrained data transfer rate indicates that you should be additional worried about your data file styles. Also you can decide to generate a independent edition of your web site specially for mobile devices.

    Maybe you have learned about software like Photoshop and the best way to make remarkable models along with them. On the flip side, Dreamweaver is lesser known, and so many people are unaware of the rewards it provides for web site designers. It’s significant to access know this software and find out how it might assist your design.

    When designing your site, it may be beneficial to never stray past the boundary from well-liked events. As an example, most customers expect that anytime they click on the web site company logo on top of a website, they are delivered to the property webpage of the internet site. When your website acts differently, it may confuse the user. In many cases, straying from these kinds of events can lead to a bad overall end user experience.

    You wish to be sure that your web site is capable of getting viewed on a variety of operating systems and plans, starting from internet browsers including world wide web explorer to firefox. You should also make certain that your website performs on home windows and apple computer systems in order numerous customers as possible can observe your posts.

    If you would like variety any type of video clip on your internet site, ensure that you very first check with the world wide web hold to be positive this is a thing that is certainly enabled. There are lots of hosts that reduce videos from being sponsored on their web servers. Individuals FLV records absorb a great deal of host space that only will not be available. Prior to adding the time and effort into this function, graphic design jobs in denver co design jobs chicago il be sure you’re not wasting your time.

    To cover it up, you have been unsure of your crucial role that web page design has in the company’s good results, but now you must quite a good feel for it. If at all possible, this post will be ample to enable you to successfully pass these details on and support other individuals using the same questions.

Comments are closed.