{"id":24112,"date":"2024-03-07T16:01:06","date_gmt":"2024-03-08T00:01:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/03\/07\/news-17842\/"},"modified":"2024-03-07T16:01:06","modified_gmt":"2024-03-08T00:01:06","slug":"news-17842","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/03\/07\/news-17842\/","title":{"rendered":"Enhancing protection: Updates on Microsoft\u2019s Secure Future Initiative"},"content":{"rendered":"

Credit to Author: Bret Arsenault| Date: Wed, 06 Mar 2024 17:00:00 +0000<\/strong><\/p>\n

At Microsoft, we\u2019re continually evolving our cybersecurity strategy to stay ahead of threats targeting our products and customers. As part of our efforts to prioritize transparency and accountability, we\u2019re launching a regular series on milestones and progress of the Secure Future Initiative (SFI)\u2014a multi-year commitment advancing the way we design, build, test, and operate our technology to help ensure that we deliver secure, reliable, and trustworthy products and services, enabling our customers to achieve their digital transformation goals and protect their data and assets from malicious actors.  <\/em><\/p>\n

\n
\n
\n
\t\t\t\t\t\"A\t\t\t\t<\/div>\n
\n
\n

Secure Future Initiative<\/h2>\n
\n

A new world of security.<\/p>\n<\/p><\/div>\n

\t\t\t\t\t\t\t \t\t\t\t\t\t\t\tLearn more<\/span> \t\t\t\t\t\t\t\t<\/span> \t\t\t\t\t\t\t<\/a> \t\t\t\t\t\t<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n

Microsoft\u2019s mission to empower every person and every organization on the planet to achieve more depends on security. We recognize that when Microsoft plays a role in pioneering cutting-edge technology, we also have the responsibility to lead the way in protecting our customers and our own infrastructure from cyberthreats. Against the exponentially increasing pace, scale, and complexity of the security landscape, it\u2019s critical that we evolve to be more dynamic, proactive, and integrated in our security model to continue meeting the changing needs and expectations of our customers and the market. Our rich history in innovation is a testament to our commitment to delivering impactful and trustworthy products and services that that shape industries and transform lives. This legacy continues as we consistently work to set new benchmarks for safeguarding our digital future.<\/p>\n

Expanding upon our foundation of built-in security<\/a>, in November 2023 we launched the Secure Future Initiative (SFI)<\/a> to directly address the escalating speed, scale, and sophistication of cyberattacks we’re witnessing today. This initiative is an anticipatory strategy reflecting the actions we are taking to \u201cbuild better and respond better\u201d in security, using automation and AI to scale this work, and strengthen identity protection against highly sophisticated cyberattacks. It’s not about tailoring our defenses to a single cyberattack: SFI underscores the importance of a continually and proactively evolving security model that adapts to the ever-changing digital landscape.<\/p>\n

Four months have passed since we introduced SFI, and the achievements in our engineering developments demonstrate the concrete actions we\u2019ve implemented to make sure that Microsoft\u2019s security infrastructure stays strong in a constantly changing digital environment.  Read more below for updates on the initiative.<\/p>\n

\"graphical<\/figure>\n

Transforming software development with automation and AI<\/h2>\n

As noted in our November 2, 2023 SFI announcement, we\u2019re evolving our <\/strong>security development lifecycle (SDL)<\/strong><\/a> to continuous SDL<\/strong>\u2014which we define as applying systematic processes to continuously integrate cybersecurity protection against emerging threat patterns as our engineers code, test, deploy, and operate our systems and service. Read more about continuous SDL here<\/a>.<\/p>\n

As part of our evolution to continuous SDL, we\u2019re deploying <\/strong>CodeQL<\/strong><\/a> for code analysis to 100% of our commercial products<\/strong>. CodeQL is a powerful static analysis tool in the software security space. It offers advanced capabilities across numerous programming languages that detect complex security mistakes within source code. While our code repos go through rigorous SDL assessment leveraging traditional tooling, as part of our SFI work we now use CodeQL to cover 86% of our Azure DevOps code repositories from our commercial businesses in our Cloud and AI, enterprise and devices, security and strategic missions, and technology groups. We are expanding this further and anticipate that completing the consolidation process of the last 14% will be a complex, multi-year journey due to specific code repositories and engineering tools requiring additional work. In 2023, we onboarded more than one billion lines of source code to CodeQL, which highlights our commitment toward progress.<\/p>\n

As part of efforts to broaden adoption of memory safe languages<\/strong>, we donated USD1 million in December 2023 to the <\/strong>Rust Foundation<\/strong><\/a>, an integral partner in stewarding the Rust programming language. Additionally, we\u2019re providing an additional USD3.2 million to the Alpha-Omega project<\/strong>. In partnership with the Open Source Security Foundation (OpenSSF)<\/a> and co-led with Google and Amazon, Alpha-Omega\u2019s mission is to catalyze security improvements to the most widely deployed open source software projects and ecosystems critical to global infrastructure. Our contribution this year will help expand coverage, more than doubling the number of widely deployed open source projects we analyze, including 100 of the most commonly used open source AI libraries. The Alpha-Omega 2023 Annual Report<\/a> highlights security and process improvements from last year and strides toward fostering a sustainable culture of security within open source communities.  <\/p>\n

Together, our SFI-driven advances in expanding continuous SDL, fostering secure open source updates, and adopting memory safe languages strengthen the foundation of software throughout Microsoft\u2019s own products and platforms, as well as the wider industry.<\/p>\n

Strengthening identity protection against highly sophisticated attacks<\/h2>\n

As part of our SFI engineering advances, we\u2019re enforcing the use of standard identity libraries such as the <\/strong>Microsoft Authentication Library (MSAL)<\/strong><\/a> enterprise-wide <\/strong>across Microsoft. This initiative is pivotal in achieving a cohesive and reliable identity verification framework. It facilitates seamless, policy-compliant management of user, device, and service identities across all Microsoft platforms and products, ensuring a fortified and consistent security posture.<\/p>\n

Our efforts have already seen noteworthy achievements in several key areas. We’ve reached a major milestone with full integration of MSAL into Microsoft 365 across all four major platforms: Windows, macOS, iOS, and Android marking a significant advancement toward universal standardization. This integration ensures that Microsoft 365 applications are underpinned by a unified authentication mechanism. In the Azure ecosystem, encompassing critical tools such as Microsoft Visual Studio, Azure SDK, and Microsoft Azure CLI, MSAL has been fully adopted, underscoring our commitment to secure and streamlined authentication processes within our development tools. Furthermore, over 99% of internal service-to-service authentication requests, using Microsoft Entra<\/a> for authorization, now utilize MSAL, highlighting our dedication to boosting security and efficiency in inter-service communications. Ultimately, these milestones further harden identity and authorization across our vast estate, making it increasingly difficult for threats and intruders to move between users and systems.<\/p>\n

Looking ahead, we\u2019re setting ambitious objectives to further bolster our security infrastructure<\/a>. By the end of this year, we aim to fully automate the management of Microsoft Entra ID and Microsoft Account (MSA) keys. This process will include rapid rotation and secure storage of keys within Hardware Security Modules (HSMs), significantly enhancing our security measures. Additionally, we\u2019re on track to ensure that Microsoft’s most widely used applications transition to standard identity libraries by the end of the year. Through these collective efforts we aim to not only enhance security but also improve the user experience and streamline authentication processes across our product suite.<\/p>\n

Stay up to date on the latest Secure Future Initiative updates<\/h2>\n

As we forge ahead with the SFI, Microsoft remains unwavering in its commitment to continuously evolve our security posture and provide transparency in our communications. We\u2019re dedicated to innovating, protecting, and leading in an era where digital threats are constantly changing. The progress we’ve shared today is only a fraction of our comprehensive strategy to safeguard the digital infrastructure and our customers who rely on it.<\/p>\n

In the coming months, we will continue to share our progress on enhancing our capabilities, deploying innovative technologies, and strengthening our collaborations to address the complexities of cybersecurity. We\u2019re committed to building a safer, more resilient digital world, with a focus on transparency and safety in every step.<\/p>\n

To learn more  about the Microsoft SFI and read more details on our three engineering advances, visit our built-in security site<\/a>.<\/p>\n

Learn more about Microsoft Security solutions<\/a> and bookmark the Security blog<\/a> to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security<\/a>) and X (@MSFTSecurity<\/a>) for the latest news and updates on cybersecurity.<\/p>\n

The post Enhancing protection: Updates on Microsoft\u2019s Secure Future Initiative<\/a> appeared first on Microsoft Security Blog<\/a>.<\/p>\n

https:\/\/blogs.technet.microsoft.com\/mmpc\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Bret Arsenault| Date: Wed, 06 Mar 2024 17:00:00 +0000<\/strong><\/p>\n

A few months into Microsoft\u2019s Secure Future Initiative, read the details on what we\u2019ve accomplished across key engineering advances to deliver the next generation of built-in security for customers.<\/p>\n

The post Enhancing protection: Updates on Microsoft\u2019s Secure Future Initiative<\/a> appeared first on Microsoft Security Blog<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10759,10378],"tags":[],"class_list":["post-24112","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24112"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24112\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24112"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}