It is clear that as the focus on cloud technologies increases, the focus on security will probably increase, too. I've been hearing people talk about the cloud for a long time. I worked with a fellow who was, many years ago, referred to as a "cloud evangelist". I recall people wondering if that "cloud thing" would ever catch on. At that time there was a lot of FUD surrounding the cloud.
People really didn't have much faith in the idea of their company's data residing outside of the company. In some respects, they still don't. I was talking to a friend of mine about the cloud focus at Ignite. He said that he felt that the first time there is a major data breach involving data in the cloud, people will start reverting back to on-prem systems. I am not so sure about that. There were several sessions at Ignite that were quite informative regarding Microsoft's direction in the area of security. Security in the cloud is important, but we need to remain concerned with the security of the endpoints that interact with your data in the cloud as well. Ignite was useful in letting us see what Microsoft is doing with security from both angles.
Most importantly, if cloud technology is really going to be the "key", it will have to be secure. Certainly, in this day and age of highly publicized security breaches, data theft, and malware, people will not tolerate anything less. With the investment that Microsoft has made in this area, they have a vested interest in keeping that from happening.
To provide the security and trust that people demand, Microsoft needs to provide a comprehensive set of tools. These cover Artificial Intelligence (AI) and Advanced Threat Protection (ATP), cloud infrastructure, endpoints, and other network-connected devices that belong to the Internet of Things (IoT), where data is collected from potentially large numbers of connected devices.
Azure Sphere is a three-part approach to securing IoT devices. First, there is a secure hardware device (micro-controller unit). This hardware contains a "root of trust" that monitors the operation of the hardware and can provide secure boot capabilities. Second, there is the Azure Sphere OS. The Sphere OS is the first Linux operating system shipped by Microsoft (Anyone remember Xenix? That was Bell Labs Unix version 7, not Linux). Third, there is the Azure Sphere Security Service. The security service is a cloud offering that is designed for securing IoT devices, identifying threats, and establishing trust between endpoints, as well as between endpoints and the cloud.
Neustar, an IT company, reports that many businesses cite unsecured IoT devices as the biggest threat to their company's security. Another report from Corero Security of Massachusetts, USA, estimates that DDoS attacks have risen 91% since Q1 2017. One of the two factors cited for the rise in DDoS attacks is the implementation of unsecured IoT devices. Corero says that "IoT botnets should be a grave concern", and that companies are spending significant amounts of money to protect themselves against DDoS attacks. Securing IoT vulnerabilities potentially benefits everyone, and Microsoft recognizes this: the internal pressures to secure against attacks launched by IoT devices will lessen, and as the pressures lessen, so should the costs.
One of the core concepts in Microsoft 365 is its intelligent security features, which include Identity and Access Management, Information Protection, Threat Protection, and Security Management.
Identity and Access Management includes the ability to use Multi-Factor Authentication and Passwordless access. Access controls are built around IP and geographical criteria along with trusted devices. You can configure Azure AD Password Policies to block the 500 most used passwords and 1 million common character substitutions.
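To illustrate the idea behind blocking common passwords together with their character substitutions, here is an added example that is not from Microsoft or the original post: it undoes look-alike character swaps before comparing a candidate against a banned list. The banned terms, the substitution table and the `MIN_EXTRA_CHARS` threshold are assumptions made for this example, not Azure AD's actual values.

```python
# Constructed sample list (assumption); a real policy carries far more entries.
BANNED_TERMS = {"password", "welcome", "qwerty", "letmein", "summer"}

# Assumed substitution table of common look-alike swaps, not Azure AD's own.
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})

# Assumed threshold: characters required beyond the banned term itself.
MIN_EXTRA_CHARS = 5


def normalize(candidate: str) -> str:
    """Lower-case the candidate and undo look-alike substitutions."""
    return candidate.lower().translate(SUBSTITUTIONS)


def check_password(candidate: str):
    """Return (accepted, matched_term); matched_term is None if nothing matched."""
    normalized = normalize(candidate)
    # Longest term first so the most specific match is the one reported.
    for term in sorted(BANNED_TERMS, key=len, reverse=True):
        if term in normalized:
            extra = len(normalized) - len(term)
            if extra < MIN_EXTRA_CHARS:
                # The password is essentially the banned term plus decoration.
                return False, term
            # The term appears, but only as a small part of a long password.
            return True, term
    return True, None


if __name__ == "__main__":
    samples = ["P@$$w0rd!", "W3lc0me2018", "QWERTY",
               "Summer-in-Trondheim-was-cold", "tr4ffic-cone-ledger"]
    for pw in samples:
        accepted, term = check_password(pw)
        print(f"{pw!r:32} accepted={accepted} matched={term}")
```

Comparing the raw string against the list would let `P@$$w0rd!` through; normalizing first is what makes a short banned list cover a much larger set of variants.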
Some of the Information Protection features include Controlled Folder and AppLocker policies. These protect access to important file locations and prevent the execution of unauthorized software in the environment based on whitelisting of applications.
Finally, AI capabilities have been enhanced by the acquisition of Bonsai and partnership with C3 IoT. Those capabilities are being used in the Advanced Threat Protection and Advanced Threat Analytics tools for Exchange Online and Office 365 to identify patterns of behavior that indicate malicious activity. Protection is implemented as Safe Attachment and Safe Link functionalities built into Outlook, SharePoint, and OneDrive.
In the follow-up to this piece, I'll speak more about ATP and Microsoft 365. Stay tuned.