Enterprise Story | Security & Privacy overview

Microsoft
Productivity Future Vision
THE WORLD HAS CHANGED
Security Challenges
Change
Microsoft
Productivity Future Vision
20
15
10
5
INTERNET OF THINGS
PC, SMARTPHONE & TABLET
0
2013
2014
GROWTH OF CONNECTED DEVICES
BILLIONS OF UNITS
2015
2016
2017
2018
2019
Microsoft
Productivity Future Vision
0.16
2006
4.4
44
2013
2020
ZETTABYTES
OF DATA
1 ZETTABYTE = 1 B TERABYTES
Microsoft
Productivity Future Vision
“ W H AT I S S C A R C E
IN ALL OF THIS ABUNDANCE
I S H U M A N AT T E N T I O N ”
S AT YA N A D E L L A
Microsoft
Productivity Future Vision
THE SHIFT
OLD WORLD
Information scarce
Static hierarchies
Compete to win
Individual productivity
Focus on planning ahead
Efficiency of process
NEW WORLD
Information abundant
Dynamic networks
Collaborate to win
Collective value creation
Experiment, learn and respond
Effectiveness of outcomes
Microsoft
Productivity Future Vision
HUMAN
ACTIVITY
C O L L A B O R AT I V E
INTELLIGENT
N AT U R A L
MOBILE
BRINGING PEOPLE
TO G E T H E R
LIVING
SMARTER
FRICTION-FREE
C R E AT I V I T Y
FLUID
MOBILITY
Microsoft
Productivity Future Vision
At the Core: Security and Privacy
Managing risk in an increasingly connected world
“This Nexus of Forces is impacting
security in terms of new vulnerabilities.
–Ruggero Contu, Christian Canales and Lawrence Pingree. Forecast Overview: Information Security, Worldwide, 2014 Update. Gartner, Inc. June 25, 2014.
205
median # of days attackers are
present on a victim network
before detection
Job security Customer loyalty
Security
Implications
Brand reputation
Legal liability
Intellectual property
$ 3.5M
Average cost of
a data breach to
a company
15 % increase YoY
is a
CxO
level issue
Impact of cyber attacks could be
as much as $3 trillion in lost
productivity and growth
10
Because we are under attack
Indiscriminate
Consumer
Single Vector
Manual
Desktop
Visible
Lone Agent
Spam
Information Theft
Targeted
Enterprise Target
Multi-vector
Automated
Device and Cloud
Concealed
Organised Ecosystem
Information Theft
Process Disruption
“The world is changing very fast. Big will not beat small anymore. It will be the fast
beating the slow.”
Rupert Murdoch
Primary targets
Public Sector, Information, Financial Services
Manufacturing & Retail are the primary
targets
63%
Percentage of total security
incidents in 2014 were directed
toward public sector
Verizon, “2015 Data Breach Investigations Report”
Coordination
Collaboration
Disruption
How do we win?
It will take a partnership
Government
set policies and principles
Anti-malware and
security ecosystem
identify, block, sinkhole
Enterprises
starve and inform
OEMs
Vendors
security by design
CERTs, ISPs &
Law Enforcement
Large-scale Public Services
Cloud Providers, Telco’s
Seize, prosecute, takedown
identify, block, partner
Microsoft Experience and Credentials
Today: Cloud First, Mobile First
On the road
At home
In the office
On personal
devices
24 x 7
collaboration
Through
social media
Elements to a Resilient Infrastructure
Management
Protect
Threat Information
Detect
Response
18
Resilience against modern
Cyberthreats
The Hockey Analogy
19
Coaching
Management
Build the Foundation for Success and Adapt to
Changes
20
Goalie
Protect
Patch, Deploy Newer Products, Apply the SDL
21
Awareness
Detect
Active Attacks
22
Defense
Response
Customer, CSS and Cybersecurity Team
Threat Information
Intelligence
24
Management
Protect
Detect
Response
Patch, Deploy Newer
Products, Apply the SDL
Active Attacks
Customer, CSS and
Cybersecurity Incident
Response
Threat Information
Overall Resilience of an Organizations
IT Infrastructure
Overall Internet Resilience (Ecosystem)
Security framework: achieving overall resilience
Cloud Resilience
On-Premises Systems Resilience
Trust in your provider that they are protecting their
customers and are a global cybersecurity advocate
Strong principles and
policies that empower
you to be in control of
your information
Privacy
Deep Investment in
building a trustworthy
computing platform
and security expertise
Compliance
Security
Risk management
Aggressively fight
cybercrime and advocate
extensively for enhancing
cybersecurity
Advocacy
Transparency Governance
Access to a Transparency Center to work directly with source code for certain
high-volume products
Remote access to online source code for certain high-volume products
Technical data about products and services, including about Microsoft’s cloud
services
Information sharing about threats and vulnerabilities from Microsoft
MICROSOFT CONFIDENTIAL
Core Investments
WINDOWS 10
PROTECTS YOU
FROM MODERN
SECURITY THREATS
Secure
Identities
Information
Protection
Threat
Resistance
MCS Cybersecurity Services
Protect Microsoft &
Showcase Learnings
Remote Security
Incident Support
On-Site Security
Incident Response
Advisory
Services
Security Solutions
& Consulting
Advanced Tools
& Technologies
The Microsoft Digital Crimes Unit (DCU)
Cybercrime costs
consumers $113 billion a
year*
1 in 5 small and medium
enterprises are targeted by
cyber criminals**
Every second, 12 people
are victims of cybercrime –
nearly 400 million every
year*
50% of online adults have
been victims in the past
year
Financial Fraud
53% of the world’s securities exchanges were
targeted in 2012
Online Child Exploitation
The NCMEC has reviewed more than 90
million images and videos of child
* 2013 Norton Report
pornography.***
** National Cyber Security Alliance
*** National Center for Missing and
Exploited Children
The Digital Crimes Unit is an international legal and
technical team working with partners, to help create a
safe digital world, by working on issues such as:
• Malicious software crimes
• IP crimes
• Protecting vulnerable populations
The team applies legal and technical expertise to help
enhance cloud security and make the digital world safe
for everyone.
• DCU brings cybercrime experts across the areas of IP crimes,
botnets, malware, and child exploitation under one umbrella,
so that when focus areas intersect we can work better
together to eliminate cyber threats to Microsoft’s businesses,
customers, and the entire digital ecosystem.
• With cooperation across industry, criminal law enforcement
organizations, academia, and NGOs worldwide, DCU aims to
put cybercriminals out of business and create a safe online
experience for everyone.
Key Principles for Security and Transparency
It’s your data