Tag: Security

Windows Live Blog: 90% less spam in Hotmail, 15% less spam on the Internet

Today I came across this very nice price info. It clearly shows how much impact Hotmail has on the market and in this case also how it influences the reduction of spam on the internet overall.

Way back in 2006, Hotmail had a big spam problem, and we got a deservedly bad reputation for it. Since then, we’ve made amazing advances, and over the last few years, we’ve wrestled the spammers to the ground. Here’s a chart that shows the amount of Spam In The Inbox (SITI) for Hotmail users over the last several years, compared with the amount of spam on the Internet (expressed as a percentage of all email that is sent on the Internet).

Percentages of spam on the internet and in Hotmail

The chart shows two things:

Hotmail keeps spam out of your Inbox
We’ve reduced the level of spam in Hotmail by 90% since its peak in 2006. Since last year, we’ve reduced what was left by another 40% (from 5% true SITI to 3% true SITI).

We’ve helped to reduce overall spam on the Internet
The percentage of spam on the Internet has actually declined 15% from its peak in 2008, due to a number of factors including the legal and technical disruptive action Microsoft has helped drive in the prosecution of spammers and the takedowns of botnets used to send spam. Botnets – collections of people’s malware-infected computers covertly operating under the remote control of a cybercriminal – are often used to send spam (and commit other online crimes). This video explains a little more about how botnets are used to send spam.

Exchange Online SLA Updated with Spam, Virus Protection Guarantees #bpos #msonline

New improvement to the Service Level Agreement for Online Services; in this case the expansion of the SLA to also cover Forefront Online Protection for Exchange (FOPE).

Also Microsoft has consolidated all SLA documents into 1 single document.

Effective immediately, Microsoft announces the Exchange Online Service Level Agreement (SLA) has been updated to include service level components for virus and spam protection delivered by Forefront Online Protection for Exchange (FOPE).

Forefront Online Protection for Exchange is an enterprise-class e-mail filtering service that is included without additional cost as part of the Exchange Online service. Exchange Online customers now benefit from financially-backed guarantees of virus and spam protection service levels, including:

· Virus Detection and Blocking Service Level

· Spam Effectiveness Service Level

· False Positive Service Level

Microsoft also simplifies the communication and access to the SLA with a single document that covers a number of Microsoft Online Services. In addition to all components of the Business Productivity Online Suite Standard (BPOS-S), this SLA document also covers Dynamic CRM Online, Exchange Hosted Archive and Windows Intune. The new SLA document can be found on the Microsoft Volume Licensing site.

Other than the new SLA benefits described above for Exchange Online, there are no material changes to the terms and conditions of the SLAs for other components of BPOS-Standard or for the other existing service SLA’s that are represented.

Source: Exchange Online SLA Updated with Spam, Virus Protection Guarantees

Webwereld: Google weigert data in Europa te houden

Dit artikel verscheen afgelopen week op webwereld en dat zet je wel aan het denken :

Zonde dat een onderwerp wat zo belangrijk is voor de acceptatie van cloud computing zo wordt neergezet door een bedrijf dat pretendeert een drijvende kracht achter cloud computing te zijn. Ik vond dit echt een historische quote :

“Google ziet het heel simpel. We bieden geen villa die je zelf kan inrichten, maar een standaard ingericht appartement in onze flat. Daarmee heb je alle voordelen van de cloud tegen bodemprijzen. Onze menukaart is beperkt, maar je kunt toch weg? Dan moet je verder niet zeiken”, aldus Schouten.

Samantha Peter, bij Google Europa verantwoordelijk voor de educatie sector bevestigd nog maar eens dat Google echt geen hoge pet op heeft van de eisen en wensen van hun klanten op juridisch vlak. Als een klant het doet volgt de rest wel :

Een één-schaap-over-de-dam strategie, bevestigt Samantha Peter, die over de onderwijsmarkt gaat. “Je hebt een a twee early adopters nodig en dan volgen anderen, dat werkt in het onderwijs en ook op de commerciële markt.”

Volgens Google is het hameren op datalocatie vooral een nostalgische emotie. “Onze boodschap is: het lost echt geen problemen op. Wat willen ze er mee bereiken? We zien dat er universiteiten voor Google kiezen, zonder dat ze eisen dat hun data in Europa blijft. Die scheppen een precedent en dan kunnen anderen zich afvragen hoe belangrijk deze kwestie nu eigenlijk is. Er zitten twee kanten aan de medaille. We zouden het kunnen doen, maar wellicht is het over een jaar minder belangrijk en is al de helft van de universiteiten gemigreerd,” aldus Peter.

Bron : webwereld.nl

Je vraagt je af hoe bestaande klanten van Google, die juist hebben aangegeven dat de juridische aspecten van cloud computing zo belangrijk vinden, zich voelen.

Neem nou Open Universiteit die in een computable artikel benadrukte hoe belangrijk zij de juridische aspecten vinden :

Privacy van studenten

De juridische kant van de zaak was echter een echter breinbreker. "Google heeft niet zo’n goede naam in Europa, met name waar het het het scannen van de inhoud van berichten en de bewaartermijn van gegevens betreft. De mailadressen van onze studenten zijn opgebouwd uit hun voorletters en achternaam. Dat zijn persoonsgegevens volgens de Wet Bescherming Persoonsgegevens."

Dat Google een Amerikaans bedrijf is maakte de zaak daarnaast niet eenvoudiger. Hoofd Juridische ondersteuning van de OU, Jan Engels: "Google wil zijn contracten sluiten naar Amerikaans recht. Daarnaast staat de site van Google vol met allerlei verwijzingen naar contractvoorwaarden. Het is wel verstandig om die allemaal goed door te nemen. Dat kost veel tijd. Daarnaast speelde het probleem dat Google volledig naar Amerikaans recht redeneerde, terwijl we hier van doen hebben met Nederlands privacyrecht."

De OU besloot juridisch advies in te winnen bij een advocaat die gespecialiseerd was in internationaal contractenrecht en die op zijn beurt een Amerikaanse collega heeft gevraagd te adviseren bij de tot stand koming van dit contract. Daarnaast vroeg de OU informeel advies aan het College Bescherming Persoonsgegevens (CBP).

Ondubbelzinnige toestemming

Helwig: "Het CBP vertelde ons dat we in dit geval ‘ondubbelzinnige toestemming’ nodig hebben van studenten voor het rechtmatig gebruik van hun voorletters en achternaam. We hebben dus al onze studenten een brief gestuurd met de vraag of we die mochten gebruiken voor de aanmaak van een Gmail-adres." Vier procent van de studenten gaf geen toestemming. Zij krijgen de OU-post nu op een privé-mailadres bezorgd.

Ook bedong de OU, met hulp van de ingehuurde advocaat, dat Google de bewaartermijn van persoonsgegevens (in dit geval voorletters en achternaam) bekortte. Daarnaast kwamen de twee partijen overeen dat er geen advertenties zouden worden geplaatst naast Gmail-berichten.

Bron : Computable.nl

    Of Universiteit Utrecht, ondanks dat zij aangeven in een artikel over cloud computing dat het conformeren aan Safe Harbour op zich voldoende is voor hun studenten

De Universiteit Utrecht (ruim 7000 medewerkers, bijna 30.000 studenten) implementeert momenteel Gmail van Google voor haar studenten. Corporate Information Security Officer René Ritzen: ‘Met Gmail kunnen we de studenten tegen minder kosten meer functionaliteit bieden, met name opslagcapaciteit. Een heet hangijzer was wel de privacybescherming. Hoewel Google geen garantie geeft over de plaats van opslag, conformeert het bedrijf zich wel aan de EU safe harbour privacy principes. Dat houdt in dat Google een bij de EU passend beschermingsniveau biedt. Voor e-mailverkeer van studenten vinden we dat voldoende. Zij kunnen hun mail overigens ook laten forwarden naar een andere provider. Voor e-mail van medewerkers willen we wél minimaal de garantie dat deze in de EU wordt opgeslagen.’

Privacy, lokatie van data, wet- en regelgeving zijn zeer belangrijke aspecten en in mijn optiek vormen ze de basis voor het vertrouwen dat nodig is voor consumenten, bedrijven en instellingen om de stap naar cloud gebaseerde diensten te maken …

Microsoft has released a new version of Active Directory Federation Services : ADFS 2.0 #federatedIdentity #msonline

The Microsoft “geneva” team has released a new version of Active Directory Federation Services : ADFS 2.0.

… We are very happy to announce the general availability of AD FS 2.0! It is our pleasure to offer this release for Windows Server 2008 and 2008 R2 that makes it easier to work across companies, leverage the cloud, and develop secure applications all while using industry standard interoperable protocols. We listened to your feedback from the release candidate and have made AD FS 2.0 even easier to manage by simplifying proxy management. Finally, we’ve hammered this build to ensure you’ll see the rock solid reliability and screaming fast performance that you’d expect from Microsoft.

The setup package for AD FS 2.0 can be downloaded here.

The team behind making AD FS 2.0 can be seen in several Channel 9 videos discussing the features and capabilities of the release.

Check out the following resources to learn more about AD FS 2.0:

Countinue at source : “geneva” Team Blog

Microsoft Online Services | The Ultimate list | #BPOS #msonline

Microsoft Online Services and the Business Productivity Online Suite in particular have many aspects that (potential) customers and partners are interested in learning more about. Over the last years many websites, service descriptions, whitepapers and other sources of information have been created on all topics relevant to Microsoft Online Services.

This document is an effort to provide the “ultimate” list of this information. It is best effort and does not necessarily contain 100% correct or up to date information. Changes will be made to this document if and when time permits

I will place the document over on slideshare and refresh it over there as often as possible. If you’d like to receive the document in Microsoft Word .docx format please send me an email.

Microsoft Online Services The Ultimate List

View more presentations from dehaaspeter.

Microsoft Online Services – Enterprise Network Services Overview #BPOS

This document describes the Microsoft® Online Services networking infrastructure components and security features that support delivery of all Online Services for the enterprise that use the Internet for transport. These include all of the offerings that are part of Microsoft’s Business Productivity Online Standard Suite (Exchange Online, Office Live Meeting, etc), Dynamics, CRM Online, and many others. The document is intended for network engineers and system integrators who work with Microsoft Online Services customers. (Dedicated offerings are covered in a separate downloadable document, Microsoft Online Dedicated Service Descriptions and Service Level Agreements).

The components and features that are described include:

  • Enterprise network architecture for Microsoft Online Services
  • Microsoft’s Internet connectivity
  • Network security Microsoft is constantly investing in new technologies, expansion, and innovation of its network infrastructure.

This document is updated regularly to reflect changes that are deployed to the network to support Microsoft Online Services.

Download @ source : Microsoft Online Services – Enterprise Network Services Overview

Cloud Computing Security Considerations

Microsoft already published a number of papers on security privacy and compliancy in relation to online services and cloud computing. The following paper creates a good overview of all different aspects in using ‘the cloud’ in a secure way :

A high-level discussion of the fundamental challenges and benefits of cloud computing security, plus some of the questions that cloud service providers and organisations using cloud services need to consider when evaluating a new move, or expansion of existing services, to the cloud. This document presumes that the reader is familiar with the core concepts of cloud computing and basic principles of cloud security. It is not the goal of this paper to provide all the answers to the questions of security in the cloud or to provide an exhaustive framework for cloud security.

Source : Microsoft.com

Microsoft Online Services : (US) Government Requirements for a Secure Cloud

The US government has presented their vision for cloud computing. Ron Markezich, Corporate Vice President, Microsoft Online Services, comments on the U.S federal government’s new cloud-based computing vision and initiatives. He highlights the importance of secrity and privacy and how Microsoft sets the highest standards for this, not only for governments but all online users …

… This week, U.S. Chief Information Officer Vivek Kundra unveiled the federal government’s vision for cloud computing, beginning with Apps.gov, an online marketplace that will enable federal agencies to find and purchase cloud-based IT services. This is a smart move by the government to streamline procurement for new cloud-based solutions and lower costs.  In response, industry vendors are announcing future “dedicated” cloud services designed to meet the government’s security and privacy standards.

While other companies are just now developing – or announcing – their secure cloud strategies, Microsoft has built security and privacy into our offerings from the start. Available since 2006, Microsoft’s Business Productivity Online Suite (a part of Microsoft Online Services) “dedicated” cloud environment has been deployed and in use by a variety of businesses and government organizations with intense security and privacy requirements – such as GlaxoSmithKline and the City of Carlsbad, Calif.

The story doesn’t end there – not even close. We continue to make our customer’s security and privacy a top priority. Here is how…Microsoft’s facilities and operational infrastructure are ISO27001 certified today. The Microsoft Online Business Productivity Online Suite (BPOS), operated under the same program, is aggressively pursuing ISO certification to be achieved by end 2009. In addition to meeting this International Standard, we anticipate that the Business Productivity Online Suite will achieve FISMA Accreditation in Q1 2010.  We understand that all organizations – not just government entities on a dedicated cloud – want a high level of validated security and privacy, so these accreditations will exist for the services we provide all of our customers….

Continue at source : Microsoft Online Services Blog

Five lessons from Microsoft on cloud security

The article gives some good recognition to Microsoft for its solutions “in the cloud” over 300 Products and Services delivered securely and reliably

While Google, Amazon, and Salesforce.com have gotten the most attention as cloud service providers, Microsoft — with its 300 products and services delivered from its datacenters — has a large cloud bank all its own.

In May, the company released a paper on its approach to cloud services and how the company plans to secure those services. The paper — penned by Microsoft’s Global Foundation Services, the group responsible for overseeing the company’s software-as-a-service infrastructure — spells out the current dangers for online services, including a growing interdependence between customers and the companies that serve them and more sophisticated attacks on Internet services.

Microsoft argues that its approach to security, which it carved out with its Trustworthy Computing Initiative in 2002, works as well for online services, with some modification.

"If I take the traditional security principles, that hasn’t changed in terms of discipline and approach," said Charlie McNerney, general manager for business and risk management at Microsoft’s GFS. "What has expanded is the amount of controls we have applied."

In recent interviews, McNerney and other cloud providers shared their thoughts on Microsoft’s approach to securing cloud services and the data centers that power such services.

1. Discuss risk with customers

2. Pay attention to compliance

3. Better standards needed

4. Privacy and security are not so different

5. Don’t generalize on cloud security

 

Continue at source for the details on the 5 topics discussed :

Five lessons from Microsoft on cloud security