Hi, I'm Robert Ford, Senior Director of IT Showcase. We've come to the end of our series on
securing the enterprise. Now I've really enjoyed sharing with you what I've learned from my talk with
Bret Arsenault, Microsoft's Chief Information Security Officer. I've
learned a lot and I hope you have too.
In this last episode, we will hear some final words from
Bret on Microsoft's journey towards cultural and digital transformation. He'll talk about
what this transformation means in relation to information security, and
his hopes for the future of information security. Now let's have a look.
Moving to digital transformation,
it's something every customer, company, person is experiencing.
So how does digital transformation manifest itself
into security and what approach are we taking at Microsoft? Yeah,
I think it's interesting, since I'm in the digital transformation org. You know,
we've identified basically sixteen fundamental processes we used to have to use
around the company. Security is one of the sixteen. And
if security is done right it can be an enabler for all the other pieces that we want to go do. I think it's one of the big key
differentiators. I will say,
it's a lot of change in digital transformation, even for us. You think about
going from delivering software on premise to delivering service through the cloud. You think of,
you know, we used to be a perpetual license. You
buy, you can use it forever; to a subscription based license. All of those things and,
when I was in the engineering team, just understanding who's deploying and using what software in the
on-premise world is really hard. Now, we know right away who's using what, how they're using
it, how do I turn that into a customer three sixty (360) view to give the best experience. And
I also know what prioritizations I should put on things. What things we should establish and enhance versus things that
people aren't using. As I think that, even for us as a fairly digital company,
we're in huge transformation; contractual and everything- how we do contracts and
everything else. I would say the learning from us has been though, is when there's resistance; how do you get past it. It's
usually cultural, the bigger issue tends to be cultural. Technically you can do it;
it's just culturally, how to do that? And I would say the learning I have there - there's this
gentleman in San Francisco, he has this term called FFUUEE. And I know you think of FFUUEE,
what does that mean? But, I love his
FFUUEE concept because it's the six reasons why anybody doesn't do something. And they tend to be kind of
true whether they're at home, whether they're at work, they tend to be pretty good which is: they either Fear
it or they don't think it's Fair. Ever had that happen at home?
Exactly! No comment.
Come on, that's kind of fun. They don't Understand it or there's
no sense of Urgency. Those are the two U's. And then the Exhausted
or Entitled. And when we were doing our own internal cloud transformation of the
full digital transformation, we kept thinking people didn't understand that so we kept creating material to
explain what we're doing and everything else. That turned out, there wasn't really a sense of urgency and people
were exhausted. There was some understanding but a lot of people, just for a job perspective, you know,
had feared, they didn't think it was fair, about the jobs they were doing in the past. So we step back and,
you know, you're shutting down three data centers, there's a sense of urgency. You need to get
your stuff going. So I think that understanding how people may resist change
and which levers you want to go pull, turned out to be super helpful
for us. I think FFUUEE is the customer take-away there so I don't need to ask that question.
It's a great one; I've never heard it but it's going to stick with us.
FFUUEE: now that's an acronym to remember. It actually stands for
Fear, Fair, Understanding, Urgency, Exhausted,
Entitled. These are such big factors that inhibit change so it's
important to educate and integrate our teams through the process to
ensure successful transformation. Continual
cultural and digital transformation means an ever-changing environment. Bret and his team
are doing a terrific job here, protecting our enterprise and he's been really generous in sharing key pieces in his
team's approach, which he symbolizes again as this three-legged stool.
The stool symbolizes the importance of balancing information protection,
device health, identity management, data telemetry,
and risk management all in the midst of an unprecedented digital transformation
at Microsoft. Every piece
plays an integral role in securing our enterprise. If any leg is compromised the
stool could topple over. As I wrapped up my conversation with Bret, I couldn't help but ask one
final question around the future: How do we stay ahead of the bad guys in the midst of all this
transformation? Have a look at what he had to say. So the last question,
it's really about the future. So we've covered an awful lot here, thank you, but one
final question: What are your security aspirations for the future, Bret?
I have a lot of them. You know, I think,
from my perspective, there's a few of them. It's somewhat based on the stool slide we talked
about at the beginning. But you really, to have a secure enterprise the first thing you have to be
able to do is, you have to be able to anticipate and respond to risk. Most companies are good at responding but,
as I said, how do you anticipate? Because there's so much, like just look at the regulatory
environment. So one (1), is a secure enterprise that anticipates and responds to risk.
That's super important to me. Two (2), my aspirations are that we really get to
where all data protection travels with the data so that we don't do all
these layers and layers and layers to make that work, which creates a lot of entropy. Three,
I would love to see a model where employees have
this seamless experience with security. And we used to talk about this as
"click fearlessly". I don't want to do that because some people "click fearlessly" anyway, which does not help my life. But where
when you click on something, you know, regardless if you're on a mobile device, you're at home,
you're on some interactive device or a virtual reality (VR) system,
you know, that what you're doing is safe and that you don't have to worry about it. You shouldn't have to worry about that,
and that's really the number three- the employee experience. And then
number four (4) for me is this thing about the intelligence in data telemetry. We
have to get to where we have visibility into the threats
and risks that work at cloud scale. So I have a lot of
hope that we can use AI and machine learning and bots
to cull through these massive sets of data but
take action against it. That would really be the closing statement, which is: if I have all that visibility how do I
self diagnose and
auto remediate? So that would be the fifth element to the whole plan from how you
identify the risk, put the user experiences, all the way to auto remediation. Those
would be my five aspirations. We'll see if we get there! Let's hope they come true. That's what I'm hoping for. So in closing then,
you know,
hard to do it, but is there a key take-away you'd like to just leave the audience with that covers this topic today?
Yeah, I would, you know, it's...yes.
People always say "What's the ONE thing I should do?" I'm not saying there's one thing but I also don't want to
explain the hundred things we are doing. I think that there isn't a silver bullet and that's for
sure. There's no one thing that's going to solve these problems. I do think that simple
stool model of, you know, the idea that you have a process
and risk management platform that you then use to prioritize the three areas around device
health, identity management, telemetry and then that will then provide the data protection,
the information protection. That's a simple enough view, like that
would be my one take away. Don't make everybody a security expert but don't believe
that only one thing will solve it. And I think that's a good blend of where we are today.
Perfect! As Bret says, there is no silver bullet.
Defense is the name of the game. I hope you've enjoyed our series on Microsoft's approach to securing
enterprise and learned a few things you can use in your own organization.
Be sure to visit IT Showcase for more news and information on how Microsoft uses
its own technologies to stay secure and digitally transform. Thanks so much for watching.