At Ignite 2019 in Orlando, Kirk Koenigsbauer, CVP, M365 and Security, presented Microsoft’s security and compliance roadmap. You can watch his session in full length (not available anymore).

Microsoft is putting a lot of effort into strengthening its security capabilities in response to the ever-increasing complexity, scale, and sophistication of security threats. These threats are currently targeting two main weak spots: data and devices.

We currently see an explosion of data – more data will be created in the next year alone than what was created over the last 10 years. Yet we’ve been painfully made aware of the vulnerability of data: so far in 2019, over 4 billion records have been exposed to data breaches. By next year, the number of devices in the world is expected to exceed 75 billion, including PCs and laptops, and everything from printers to IoT devices and meeting room systems – all of them connected within corporate networks and therefore posing as potential threat surface areas.

Adding to this, more and more security breaches originate from within companies: 53% of organizations have experienced insider attacks within the last year alone.

Zero trust concept

Zero Trust always assumes the worst-case scenario in order to achieve the best possible outcome. From a security perspective, it means to never trust anything – whether it’s coming from inside or outside the corporate network. And it is all about multi-level verification:

• Verify every request
• Verify user identity
• Verify user location
• Verify user device health
• Verify user device patch level

Least privileged access

Least privileged access is about limiting user access to the very minimum in order to reduce the consequences of possible security breaches to a minimum as well. These access rights can be further limited to specific time frames and specific tasks and enhanced with audit rights to facilitate activity monitoring of activity.

Microsoft’s 3 core principles for security and compliance

• • 1. Built-in

Security and compliance precautions and mechanisms are deeply rooted within the Microsoft portfolio. They are built-in.

Exchange online comes equipped with advanced threat and phishing protection. Windows 10 has end point detection and response mechanisms by default. Other built-in security precautions include data loss prevention and cloud-native SIEM. On the infrastructure side, Azure is the first major platform with built-in security posture management. Microsoft is also working on solutions that run across clouds (e.g. Amazon Web Services, Google Cloud Platform) and hybrid solutions.

• • 2. AI and automation

Microsoft fully embraces AI and automation. And it fully utilizes them to combat a rapid growth in the volume and expertise of cyber attacks as well as the increasing complexity of compliance risk. Cloud solutions, AI, and automation make it possible for Microsoft to respond to over 8 trillion signals every day across the Microsoft platform. A fully automated prevention and protection protocol fends off security threats without needing a single person to be involved. In addition, machine learning and hyper skill cloud services aid Microsoft professionals at its security operations center to deliver the highest levels of security and compliance to Microsoft customers across the globe.

• • 3. Integration

All Microsoft solutions are delivered with a broad set of best-in-class security and compliance capabilities that are deeply integrated together. A comprehensive set of services – from identity and access management to threat protection, cloud security, information protection and governance, insider risk solutions, and compliance management capabilities – ensures highest levels of security and compliance. With Microsoft Threat Protection, there is already a unique integration of shared signals, learning, telemetry and shared tools, which helps to protect users, data, and apps up until the end point.

“This is what makes Microsoft Threat Protection truly unique relative to going withstand alone point solutions. Of course, you would expect us to integrate within our own products, but to us integration just doesn’t mean within the Microsoft family of products. It’s also about integrating across the ecosystem.”

Kirk Koenigsbauer, CVP, M365 and Security, Microsoft

Data privacy

Data privacy has become one of the most important cloud topics. Microsoft believes that data privacy is a critical enterprise requirement. To keep a maximum level of data privacy, Microsoft is following these three rules:

• Customers are in control of their data and access rights
• Microsoft is always clear on what data they have access to and what they do with it
• Microsoft provides enterprise customers with up-to-date regulatory compliance tools

Find more on Microsoft’s data privacy capabilities in the Microsoft trust center.

Would you like to learn more about how Microsoft ensures the security of your data? Our experts can provide you with the best and most up-to-date information and advice. Contact your local AlfaPeople team today!