Angela McKay Director, Government Security Policy and Strategy Microsoft
Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au
.vn.ve.uz.us.uy.uk.ua.tr.tn.th.tw.ch.se.es.kr.za.si.sk.sg.rs.sa.ru.ro.pt.pl.ph.pe.pk.no.ng.nz.nl.ma.mx.my.mk.lt.lv.ke.kz.jp.it.il.ie.ir.id.in.hu.hk.gt.gr.de.ge.fr.fi.ee.eg.ed.do.dk.cz.hr.cr.co.cn.cl.ca.cm.bg.br.ba.bo.be.by.az.at.au.ar.dz.ae.vn.ve.uz.us.uy.uk.ua.tr.tn.th.tw.ch.se.es.kr.za.si.sk.sg.rs.sa.ru.ro.pt.pl.ph.pe.pk.no.ng.nz.nl.ma.mx.my.mk.lt.lv.ke.kz.jp.it.il.ie.ir.id.in.hu.hk.gt.gr.de.ge.fr.fi.ee.eg.ed.do.dk.cz.hr.cr.co.cn.cl.ca.cm.bg.br.ba.bo.be.by.az.at.au.ar.dz.ae Demographic Trends: Internet Users in 2025
Technology Trends 70% of CIOs will embrace a cloud-first strategy in 2016 50bn Mobile and IoT connected devices become ubiquitous Platform diversity 50x Data volumes surge
Third Era of Enterprise IT Every single industry will be digitally remastered. Mark Raskino, VP & Gartner Fellow Era 1: IT Craftsmanship Technology focus Era 2: Industrialization Process focus Era 3: Digitalization Business model focus Today Mobility Social Platform Insights Sporadic automation and innovation; frequent issues Services and solutions; efficiency and effectiveness Digital business innovation; new types of service
Cloud as Enabler of Digital Transformation Redesigning business processes Acquiring new customers through new channels Boosting business agility with instant-on capacity Delighting customers with personalized experiences and service Speed 2 weeks to deliver new services vs. 6-12 months with traditional solution Increasing employee productivity with ubiquitous access Instantly scale business for global reach Productivity Social Platform Insights Entering new markets by innovating with digital products and services Instantly scaling to meet demand Case Study: HarperCollins Publishers Scale Scale from 30,000 to 250,000 site visitors instantly Case Study: Autocosmos Converting capital expenses to operating expenses Redeploying IT talent onto more strategic projects Speeding application development Economics 75% less cost compared to on-premises Microsoft Azure BI Team, STMG Proof Points Central
Government Transformation Start with a trusted & resilient foundation Leverage economies of scale and expertise Use the cloud to drive future technology uptake Reshape how you engage with citizens Enable more productive work Enable domestic IoT economy 8
Economic and Societal Transformation Job Creation through Innovation Democratization of Computing Social Inclusion Increased Agility Cost Savings Security
Cyber Risk Environment Actors Objectives Actions Impacts Many methods of attack Permissive environment Increasing consequences
Escalating Conflict
Dependence and Risks Drive Public Policy
Governments Roles and Regulatory Pressures 42 Countries with Defensive Capabilities 95 Countries Developing Legislative Initiatives PROTECTOR USER 37 Countries with Declared Offensive Capabilities 54 Countries with National Cybersecurity Strategies Rising International Insecurity Increasing Regulatory Pressure EXPLOITER MONITOR Innovation at Risk
Policy Topics at Play
Policy Principles Innovative Flexible Data aware Risk based Standards based Transparent
Beyond Regulation 243 median # of days attackers are present on a victim network before detection Security Impact of cyber attacks could be as much as $3 trillion in lost productivity and growth is a CEO $3.5M Average cost of a data breach to a company 15 % increase YoY level issue Job security Customer loyalty Implications Brand reputation Intellectual property Civil liability
Complexities for the Private Sector in the Digital Age Loss of trust in products and services Complicated response cycles and operational uncertainties Distorted threat models Reciprocity costs from state actions Regulatory costs from dynamic compliance environment
Enterprise Risk Management Continuous risk management is the key to advancing persistent security. Innovating in response to attacks and incidents develops and grows sustained capabilities. Cultural adaptation is required in the face of rapidly changing threats.
Due Diligence for Cybersecurity Integrated, holistic approach beyond just IT Dedicated staff and budget Governance
Microsoft Commitment to Cybersecurity We have built a culture of strong privacy principles and leading security practices We invest deeply in building a trustworthy computing platform and security expertise We proactively fight cybercrime and advocate extensively for policies and action that enhance cybersecurity Compliance Risk management Cybersecurity Transparency Governance Advocacy
Risk Informed Choice private hybrid public CHOICE Environment operated solely for a single organization; it may be managed by that organization or by a cloud service provider. Public or private environments remain unique entities but are bound together with onpremises ICT by common technology that enables data and application portability. Multi-tenant environments in which cloud service providers own and make available to the general public their cloud infrastructure, including storage and applications. Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS)
Trusted Cloud Principles
Synergistic Roles Private Sector ü Manage risks to systems and data ü Exchange information to enable ecosystem risk management ü Enable greater control, demonstrate compliance, be transparent ü Coordinate vulnerability handling ü Provide technical expertise to governments on cybersecurity challenges ü Help identify critical infrastructure functions that would create unacceptable impacts, and should not be subject to offensive actions ü Catalyze action to define cybersecurity norms Public Sector ü Harmonize risk management requirements ü Exchange information to enable ecosystem risk management ü Create agile regimes for compliance that leverage existing standards ü Publish a vulnerability handling policy ü Engage with private sector to understand technical challenges, esp. potential consequences of actions ü Increase transparency on defensive and offensive capabilities and criteria for use ü Define and implement cybersecurity norms
Efficient and Effective Partnership ü Develop new engagement models to be both agile and appropriately inclusive ü Clearly scope to defensive cybersecurity purposes ü Focus on what is truly critical for cyberspace ü Define more specific outcomes ü Deliver, implement, iterate
Advancing Persistent Security Together 1111115556978452 112233669685425212154678 79855643127849568345122397584 589586235164652321515947643582 76732521961946735216497365216694 241651676583261964752526943276195 51656976795652365343664763143646 006436649976334003600606676796232 8456132165498796435132135648498498 651567987894565123413656498749846513 132465498798746513213246498798465143 13216549879/8746541513200000000000000 000000464984131125900000111111555697845 269621200000225587899621122336696854 5212154678974613212012437985564312784 56834512239758458631225895862351646 32151594764358256519476732521961946 2164973652166949768524165167658326 Big data Investigations Legal action 526943276195673725165697679565 36465100006436649976 Commitment to Evolved Partnership Risk management, information sharing, vulnerability handling, critical infrastructure protection, norms Synergistic roles Timely, demonstrable results Transparency Multi-stakeholder Converging Interests Innovative