Andrzej Kaźmierczak

Get IT solutions today!

Have you been hacked? No? Are you willing to bet on this???

Share this post to your SOCIAL MEDIA!

My personal answer to that question would be: “Not really, I’m not betting on this”. Have a look at the number here for 2016 data breaches and leakage ref. https://www.identityforce.com/blog/2016-data-breaches  . It is still growing! Or maybe more “fancy” view of the world’s biggest breaches ever ref.  http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ . The second portal is much more impressive, however, slows down my web browser a lot J

Come on, just open one of the links above! Those are just the biggest that publicly announced (or were forced to announce) they have been hacked. Don’t you think it’s scary? What about those medium, small or micro -sized companies? You think such companies are secure because no one cares about them? Uuuumm.. no! Everyone is at risk, but not everyone knows or wants to admit that they have been hacked.

So what I learned so far and what may be really interesting facts?

  • Cyber attacks cost organizations $400 billion a year!
  • People tend to use silly passwords (for example: “Password”, “12345” or a little more complicated “123456”).
  • They also use the same passwords for most of their accounts as it’s not easy to remember different passwords (btw, I would suggest using KeePass or other solution to store your credentials in a secure manner, ref. http://keepass.info/ )
  • Your personal information (name, email, phone number, insurance number, ) once leaked, cost approx. (sometimes less than) 0.01 USD.
  • On the black market, your leaked data (pictures, personal documents) cost not much more than personal information.
  • Current attacks are more targeted to steal your identity than your data as with identity the attacker may get more financial benefits acting on your behalf.
  • People are always the weakest chain in security. Bad guys using social engineering can get to one’s computer and then take over entire company network and stay invisible collecting the data. It takes on average 243 days of time between security breach to intruder detection.

As you can see security threats and attacks are getting more and more sophisticated using Advanced Persistent Threats (ref. https://en.wikipedia.org/wiki/Advanced_persistent_threat ) and more sophisticated methods of protection are needed. Microsoft has a great potential, financial assets and responds to such threats. Have a quick look at this software giant numbers: http://news.microsoft.com/bythenumbers/index.html .

Microsoft invests heavily in its public cloud – Microsoft Azure and its security. In 2015 there had been impressive stats announced:

  • ~1000 new Azure subscriptions/day.
  • 1 billion of kilowatts of green energy used.
  • >1 million of servers in Azure Datacenters.
  • >10 trillion objects in Azure.

During Build Conference 2016, Microsoft EVP Scott Guthrie announced that:

  • > 85% of Fortune 500 customers are now on Microsoft Cloud.
  • Microsoft has more Datacenters than Google and Amazon combined together.
  • There are over 120,000 new Azure customers a month.
  • >14 billion authentications a week.

Think about those numbers. Just for a few seconds.

In 2015 it was said that Microsoft invested in Azure $15 billion. Have also look at the massive availability around the world:

  • 30 regions (Americas, Europe, Asia Pacific).
  • 8 new regions newly announced (as of 2016).

You can find the latest map of Microsoft Azure Datacenters here ref. https://azure.microsoft.com/en-us/regions/ .

Also, when you think about Microsoft Azure or any cloud, do not just think about “servers running somewhere out there” as the cloud is not only infrastructure as a service! Actually, in Microsoft Azure, there are 500+ services provided by Microsoft. That is pretty impressive, isn’t it? You can have a look at this matrix comparison on the most essential services and their availability in different regions ref. https://azure.microsoft.com/en-us/regions/services/ .

Microsoft is not investing in the infrastructure only, but also security. Microsoft understands needs and today’s threats, and so they have built Microsoft Azure to become a trusted public cloud, based on Four Trust Aspects (ref. https://azure.microsoft.com/en-us/support/trust-center/ ).

  1. Security – “I need to make sure that my data is safe”.
  2. Privacy and Control – “I need to have my privacy guaranteed and can control where my data is stored (which country, which Datacenter, etc.).”
  3. Transparency“I need to know what you do to protect me and my data, you need to be transparent with all your actions, audit outcomes, etc.”
  4. Compliance – “There are law, company regulations, policies and requirements my company or organization has to meet. Those can only be met if the cloud is certified (i.e. PCI DSS certifications) and compliant with international laws and certifications.”

Each of above I will describe shortly in the next articles.

Andrzej Kazmierczak

About Andrzej Kazmierczak

Andrzej Kaźmierczak is an IT professional with many years of IT security experience to his credit. As a certified Architect and Systems Engineer in the field of Microsoft security solutions, Andrzej expands on his vast knowledge of the industry working with many major worldwide corporations and organizations from a wide variety of industry fields. Andrzej is also a published author of many security articles and blogs. His key specialties include the architecture, design, implementation and support for Identity Federation, Azure and Cloud, work in the field of Public Key Infrastructure and smart cards, as well as a wide array of Information Protection and Rights Management. Follow on twitter: @ANDKAZM View all posts by Andrzej Kazmierczak →
This entry was posted in Microsoft Azure and tagged , . Bookmark the permalink.

Leave a Comment

Your email address will not be published. Required fields are marked *