This article first appeared in the Spring 2017 issue of The Record.
According to Kris Teutsch, managing director of Worldwide Defence and National Security at Microsoft, Cybersecurity is ‘almost always discussed in every customer meeting that I have’. “It is the single most important topic to every client I meet.” he says.
Teutsch sees that there are two types of clients – those who have been hacked and those who don’t know they have been hacked. He adds that defence agencies globally are rushing to take steps to renovate and secure their networks.
“Traditional security measures, built using boundaries that relied solely on firewalls and reactive auditing, are now obsolete,” Teutsch states. “Data is accessed, used, and shared on premise and in the cloud. Clients need technology that protects them against evolving threats. Today’s cybersecurity measures have to ‘assume’ that a breach is or has occurred and networks have to have resiliency built into them.”
Microsoft has effective cybersecurity solutions that can scale to meet the large and small enterprise requirements for its spectrum of public safety and national security (PSNS) clients. The company also supports PSNS organisations in their digital transformation efforts by providing comprehensive platforms and unique intelligence capabilities.
“We can help clients achieve the balance of security and end-user empowerment with effective security controls that not only meet today’s challenges, but are also flexible enough to address tomorrow’s attacks,” Teutsch says. “Our approach protects their data against unauthorised access and can detect attacks. It also helps them respond and adapt to prevent it from happening again.”
Microsoft’s Enterprise Cybersecurity Group was established to provide security solutions that enable enterprise clients to protect, detect and respond to threats. Teutsch says providing security solutions for today’s ‘cloud first, mobile first’ environment is a critical step in establishing the trust necessary to instil confidence in Microsoft’s cloud solutions.
Teutsch says Microsoft asks PSNS clients a series of specific questions when it comes to security.
“Do they know who is accessing their data?” he says. “Can they grant access to their data based on risk in real time? Can they protect their data on devices, in the cloud, and in transit? Can they quickly find and react to a security breach? And are their users able to work not only effectively, but securely? These are all key points to address in the cybersecurity space for PSNS clients.”
“Clients are shaping their security measures around providing protection across all end points – from sensors to the data centre – and ensuring they have ‘risk-based-policies’ access controls,” Teutsch says. “They are also detecting threat using targeted signals, behavioural monitoring, machine learning and artificial intelligence. Responses to attacks can be quick thanks to the smaller gap between discovery and action.”
While looking to tackle these security threats, Teutsch suggests that PSNS clients should not lose sight of enterprise user scenarios.
“Ultimately, security solutions are designed to enable and protect the users of our clients’ systems,” he says. “Any security solution must be an enabler and ensure that the valid users of the enterprise will be successful and not impeded. If the solution is viewed as being too intrusive, or an impediment, it will not be used.”
While clients are taking positive measures to protect their systems from external threats, they need to be alert to malicious user intent, with Teutsch noting that threats frequently come from inside the organisation as well as outside.
“Security solutions must be able to detect and rapidly respond,” he warns. “It currently takes enterprises 220 days, on average, to detect and respond to malicious behaviour on their networks. Closing this gap between detection and response has become a critical mission for all PSNS clients.”
Learn more about Microsoft’s national security solutions at: https://aka.ms/natsec
Share this story