Helping Utilities stay secure in the new digital business era
Cyberattacks on our critical energy facilities and infrastructures. Concerns over potential smart meter and smart home vulnerabilities. ‘Pass the Hash’ and malware attacks that disable critical safety equipment. In today’s hyper connected world, Utilities are facing possible security issues on a scale not seen before.
Employees are working across corporate applications and accessing sensitive data from on-premises and cloud-based systems using every type of device from laptops to smartphones to IoT sensors. While there is an immense opportunity for Utilities to extract great value from today’s connected technologies, as workers increase their exposure to accessing and transacting data, the security risks become daunting.
These security concerns are very top of mind for us here at Microsoft as well. We recognize that this new reality requires a new approach to how we protect, detect and respond to security threats.
Investments for a new approach
Microsoft has a unique perspective on this problem. Because of the scale of technology we build and operate, we see trillions of data points from billions of sources. The insights we gain from the data acquisition and management of this information and devices have caused us to re-evaluate our own security strategy. While the basics of protecting, detecting, and responding to threats hasn’t changed, how we go about doing that has now changed.
Microsoft CEO Satya Nadella recently laid out our new approach to security and I want to share some of this thinking with you here, as I know many of you are constantly assessing and refining your approach to your own security strategies and policies.
Platform + intelligence + partners
Our approach to security addresses three critical elements:
- Building a platform that looks holistically across all the critical end-points.
- Acting on the intelligence that comes from our security-related signals and insights.
- Fostering a vibrant ecosystem of partners who help us raise the bar across the industry.
First, our platform: Microsoft spends more than $1B annually building security technology into our core products: Windows 10, Office 365, and Microsoft Azure, including our Cortana Analytics Suite and Azure IoT Suite.
And we make sure these products, along with Microsoft Enterprise Mobility Suite (EMS), and Microsoft Operations Management Suite (OMS), all work together, along with partner solutions from across the security ecosystem to deliver a holistic, agile, security platform.
We see trillions of data points across our own products, our data centers in over 40 countries, Internet data, customer insights, and even the data we derive in our Digital Crimes Unit. Using machine learning, we analyze and use that intelligence to not only flag known attacks, but also detect new threats. We aggregate these insights into our Intelligent Security Graph, and then we put them to work.
We are also committed to making sure our products work well with whatever you use—whether that’s technology from our partners or our competitors. We will continue to work closely with the security industry and governments around the world to ensure that your business is able to trust the technology you use and don’t view security as a barrier to technology adoption as you transform to a Digital Utility.
Building a safer, more secure, digital world
We’ve also made new investments including the Enterprise Cybersecurity Group, which will serve as a one-stop resource for our enterprise customers to address their security needs, and the Cyber Defense Operations Center, the 24x7x365 physical hub for Microsoft’s own robust security and defense operations.
Our new organization in our Enterprise Partner Group, the Enterprise Cybersecurity Group (ECG), is a key part of Microsoft’s security strategy, and takes an innovative approach to helping you advance your security posture while accelerating your move to the cloud. In partnership with key groups like Microsoft Services, ECG helps to provide you with services and solutions that span our entire Protect/Detect/Respond approach. These expanded capabilities include:
- Security Assessments (ESAE, MSRA, SDL)
- High Value Asset Protection (HVAP)
- Ongoing Monitoring and Threat Detection Services (MTDS, PADS, ATAIS)
- Onsite Incident Response & Recovery (IR&R)
These offerings provide businesses like yours with a new comprehensive and unified approach to your security needs.
Our industry is driving new and exciting trends around things like renewable energy, smart grids and smart meters, connected prosumers, distributed generation, and more. But we won’t use technology to forge a new future for ourselves unless we have enough trust to allow it to remove limitations and accelerate innovation.
I encourage you to read all the details about our new security approach in our blog, and watch the on-demand video with Satya here.
LinkedIn: Larry Cochrane
