Security & Scaling at Microsoft (SlideShare deck, 59 slides)
Security & Software
Disasters & changing perception

Eric Mittelette & Stanislas Quastana | Microsoft

Do you remember those dark days?
May 4th 2000
July 13th 2001
September 28th 2001
January 25th 2003
August 13th 2003
As Microsoft employees, we do.

15 minutes before SQL Slammer infection
SQL Slammer (aka Sapphire) infection
Blaster (aka LOVE YOU SAN)

Why did we fail?
Reason 1: features, features, features...
Reason 2: security was not in developers' DNA
Reason 3: everything was installed and started by default (example: IIS Web Server)

Which response?
"Computing is already an important part of many people's lives. Within ten years, it will be an integral and indispensable part of almost everything we do. Microsoft and the computer industry will only succeed in that world if CIOs, consumers and everyone else sees that Microsoft has created a platform for Trustworthy Computing."
"We have done a great job of having teams work around the clock to deliver security fixes for any problems that arise. Our responsiveness has been unmatched – but as an industry leader we can and must do better."
"Flaws in a single Microsoft product, service or policy not only affect the quality of our platform and services overall, but also our customers' view of us as a company."
"So now, when we face a choice between adding features and resolving security issues, we need to choose security."

So what did we do?
Stop all development: the first time in our history.
Every Microsoft developer: back to school!
Mandatory annual security training
"One book to protect them all"
Dear developers: few security bugs in your code = more money in your pocket
The SDLC is the substance of Microsoft's security audit & expertise, published as a methodology
Security Team created
Final Security Review mandatory

Did it work?
First results
Helping IT customers in their job
As you see, we did a lot of things... But...
"Security is a journey, not a destination"

10 years later: is it better?
Sometimes it's better to be the first...
Security is an industry problem, not a single company issue
Really? Same feature, but 10 years later

Thank you

@EricMitt & @SQuastana