Have you been hacked? No? Are you willing to bet on this???
My personal answer to that question would be: “Not really, I’m not betting on this”. Have a look at the number here for 2016 data breaches and leakage ref. https://www.identityforce.com/blog/2016-data-breaches . It is still growing! Or maybe more “fancy” view of the world’s biggest breaches ever ref. http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ . The second portal is much more impressive, however, slows down my web browser a lot J
Come on, just open one of the links above! Those are just the biggest that publicly announced (or were forced to announce) they have been hacked. Don’t you think it’s scary? What about those medium, small or micro -sized companies? You think such companies are secure because no one cares about them? Uuuumm.. no! Everyone is at risk, but not everyone knows or wants to admit that they have been hacked.
So what I learned so far and what may be really interesting facts?
- Cyber attacks cost organizations $400 billion a year!
- People tend to use silly passwords (for example: “Password”, “12345” or a little more complicated “123456”).
- They also use the same passwords for most of their accounts as it’s not easy to remember different passwords (btw, I would suggest using KeePass or other solution to store your credentials in a secure manner, ref. http://keepass.info/ )
- Your personal information (name, email, phone number, insurance number, ) once leaked, cost approx. (sometimes less than) 0.01 USD.
- On the black market, your leaked data (pictures, personal documents) cost not much more than personal information.
- Current attacks are more targeted to steal your identity than your data as with identity the attacker may get more financial benefits acting on your behalf.
- People are always the weakest chain in security. Bad guys using social engineering can get to one’s computer and then take over entire company network and stay invisible collecting the data. It takes on average 243 days of time between security breach to intruder detection.
As you can see security threats and attacks are getting more and more sophisticated using Advanced Persistent Threats (ref. https://en.wikipedia.org/wiki/Advanced_persistent_threat ) and more sophisticated methods of protection are needed. Microsoft has a great potential, financial assets and responds to such threats. Have a quick look at this software giant numbers: http://news.microsoft.com/bythenumbers/index.html .
Microsoft invests heavily in its public cloud – Microsoft Azure and its security. In 2015 there had been impressive stats announced:
- ~1000 new Azure subscriptions/day.
- 1 billion of kilowatts of green energy used.
- >1 million of servers in Azure Datacenters.
- >10 trillion objects in Azure.
During Build Conference 2016, Microsoft EVP Scott Guthrie announced that:
- > 85% of Fortune 500 customers are now on Microsoft Cloud.
- Microsoft has more Datacenters than Google and Amazon combined together.
- There are over 120,000 new Azure customers a month.
- >14 billion authentications a week.
Think about those numbers. Just for a few seconds.
In 2015 it was said that Microsoft invested in Azure $15 billion. Have also look at the massive availability around the world:
- 30 regions (Americas, Europe, Asia Pacific).
- 8 new regions newly announced (as of 2016).
You can find the latest map of Microsoft Azure Datacenters here ref. https://azure.microsoft.com/en-us/regions/ .
Also, when you think about Microsoft Azure or any cloud, do not just think about “servers running somewhere out there” as the cloud is not only infrastructure as a service! Actually, in Microsoft Azure, there are 500+ services provided by Microsoft. That is pretty impressive, isn’t it? You can have a look at this matrix comparison on the most essential services and their availability in different regions ref. https://azure.microsoft.com/en-us/regions/services/ .
Microsoft is not investing in the infrastructure only, but also security. Microsoft understands needs and today’s threats, and so they have built Microsoft Azure to become a trusted public cloud, based on Four Trust Aspects (ref. https://azure.microsoft.com/en-us/support/trust-center/ ).
- Security – “I need to make sure that my data is safe”.
- Privacy and Control – “I need to have my privacy guaranteed and can control where my data is stored (which country, which Datacenter, etc.).”
- Transparency – “I need to know what you do to protect me and my data, you need to be transparent with all your actions, audit outcomes, etc.”
- Compliance – “There are law, company regulations, policies and requirements my company or organization has to meet. Those can only be met if the cloud is certified (i.e. PCI DSS certifications) and compliant with international laws and certifications.”
Each of above I will describe shortly in the next articles.