- \n
- Significant security investments<\/strong>. Microsoft invests over $1 billion annually on security<\/a>. Microsoft has invested significantly towards building security into our core technologies like Windows, Office, and Azure, and in making strategic acquisitions of security technologies that enhance the investments customers have already made in Microsoft. We operate the Microsoft Cyber Defense Operations Center<\/a> (CDOC), a 24×7 cybersecurity and defense facility with leading security experts and data scientists that protect, detect, and respond to threats to Microsoft\u2019s cloud infrastructure, products and devices, and internal resources.<\/li>\n
- Microsoft powered by Microsoft<\/strong>. We use our own hosted cloud and security solutions. Microsoft runs its business on the same multi-tenant cloud services as our customers, including those from highly regulated industries and governments.<\/li>\n
- World class security talent and expertise<\/strong>. Our dedicated engineers, researchers, forensics experts, threat hunters, and data scientists work together to make our products and services better for you. The global incident response team works around the clock to help our customers respond and recover from breaches, and our team of Executive Security Advisors, including former CISOs, leverage extensive real-world experience to partner with customers on planning and implementing sound security programs.<\/li>\n<\/ul>\n
2. Holistic Security Approach<\/h3>\n
Microsoft takes a three-fold security approach for customers to enable their business\u2019 digital transformation.<\/p>\n
![\"\"](\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2017\/08\/Holistic-Security-Approach-1024x319.png\")
<\/a><\/p>\n- \n
- A Comprehensive Platform<\/strong> \u2013 Microsoft\u2019s platform looks holistically across all the critical end-points of today\u2019s cloud & mobile world. By building security into Microsoft products and services from the start, we can deliver a comprehensive, agile platform to better protect your organization, move faster to detect threats, and respond to security breaches across even the largest of organizations. The platform serves as the framework for protecting enterprise organizations in four ways:\n
- \n
- Identity and Access Management: protect users\u2019 identities and control access to valuable resources based on user risk level<\/li>\n
- Threat Protection: protect against advanced threats and help you recover quickly when attacked<\/li>\n
- Information Protection: help ensure documents and emails are seen only by the people you authorize<\/li>\n
- Security Management: gain visibility and control over your security resources, workflows, and policies, as well as recommendations on improving your security posture<\/li>\n<\/ul>\n<\/li>\n
- Vast Intelligence<\/strong> \u2013 Our intelligence, which is built upon a massive amount of security related-signals from the consumer and commercial services that we operate on a global scale, powers Microsoft solutions to enable you to protect, detect, and respond to threats more effectively. Each month we:\n
- \n
- Scan 400 billion emails across outlook.com and Office 365 for phishing and malware<\/li>\n
- Process 450 billion authentications across all cloud services<\/li>\n
- Execute 18+ billion Bing webpage scans<\/li>\n
- Update 1+ billion Windows devices<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Using the tremendous breadth and depth of signal and intelligence from our various on-premises and cloud solutions deployed globally, we investigate threats and vulnerabilities and regularly publish the Microsoft Security Intelligence Report (SIR)<\/a> to educate enterprise organizations on the current state of threats and recommended best practices and solutions.<\/p>\n
- \n
- Broad Partnerships<\/strong> \u2013 We\u2019re committed to being a leader in this space, but security is not a problem we can address alone. Our commitment is to make sure our products work with technology you already use. Microsoft is fostering a vibrant ecosystem of partners who help us raise the bar across the industry. We also collaborate extensively with customers and industry standards bodies to help us meet specific customer needs and industry regulations.<\/li>\n<\/ul>\n
3. Trust-aligned Corporate Mission<\/h3>\n
Microsoft\u2019s mission is to empower every person and every organization on the planet to achieve more. As our CEO, Satya Nadella, stated, \u201cBusinesses and users are going to embrace technology only if they can trust it\u201d, and therefore we want to make sure our customers can trust the digital technology that they use, backed with the assurances they need. We\u2019ve made investments in privacy and control, compliance, and transparency, and especially those features that matter the most to our customers.<\/p>\n
For example, for our cloud services, we are committed to: helping you have control over your data, enabling you to comply with applicable laws, regulations and key international standards, and being transparent with you about the collection and use of your data. Last, but not least, we are committed to safeguarding your data from hackers and unauthorized access using state-of-the-art technology, process and certifications.<\/p>\n
To learn more about Microsoft\u2019s commitment to security, privacy, compliance, and transparency of our products and services, visit the Microsoft Trust Center at www.microsoft.com\/trustcenter<\/a>.<\/p>\n
4. Leadership in Cybersecurity Best Practice Sharing<\/h3>\n
Microsoft collaborates extensively with governments and organizations around the world in sharing industry standards, providing guidance on cybersecurity best practices, and engaging in protecting critical infrastructure sectors.<\/p>\n
For example, even before the launch of the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), Microsoft provided a response to the RFI<\/a> and subsequently, NIST used our recommendations of focusing on protect, detect, respond, and recover functions in the NIST CSF. Microsoft\u2019s deep engagement with the Framework has allowed us<\/a> to be agile in adopting it for our enterprise risk-management program, to inform and influence our security risk practices. It is also a key component in how we track security assurance and communicate about security maturity.<\/p>\n
Additionally, the Microsoft Security Development Lifecycle (SDL), established as a mandatory policy in 2004, has been designed as an integral part of the software development process at Microsoft. Combining a holistic and practical approach, the SDL introduces security and privacy early and throughout all phases of the development process. The industry has accepted practices aligned with the SDL, and we continue to adapt it to new technologies and changes in the threat landscape. Microsoft has developed guidance papers, tools, training and resources to help organizations understand and adopt<\/a> the SDL.<\/p>\n
We are committed to disseminating such best practices (NIST CSF, SDL, etc.) internationally also.<\/p>\n
5. Deep Customer Interaction<\/h3>\n
The Enterprise Cybersecurity Group (ECG) inside of Microsoft has been deeply engaging with customers across the globe to educate them on Microsoft\u2019s cybersecurity approach and services. To further help customers with their cybersecurity strategies, ECG partnered with a variety teams (Digital Crimes Unit, Cyber Defense Operations Center, Digital Risk and Security Engineering team, Cloud & Enterprise Security, Windows Security, and others) to launch a cybersecurity executive briefing center (EBC) experience. This invitation only program is designed to provide an executive level security experience for our customers\u2019 CISOs and their teams.<\/p>\n
Key benefits of the EBC experience for customers:<\/p>\n
- Broad Partnerships<\/strong> \u2013 We\u2019re committed to being a leader in this space, but security is not a problem we can address alone. Our commitment is to make sure our products work with technology you already use. Microsoft is fostering a vibrant ecosystem of partners who help us raise the bar across the industry. We also collaborate extensively with customers and industry standards bodies to help us meet specific customer needs and industry regulations.<\/li>\n<\/ul>\n
- Microsoft powered by Microsoft<\/strong>. We use our own hosted cloud and security solutions. Microsoft runs its business on the same multi-tenant cloud services as our customers, including those from highly regulated industries and governments.<\/li>\n