In this week’s show Jeremy Chapman is joined by cyber security expert and author, Mark Russinovich, to assess the most frequently heard cloud security threats. Mark describes each threat with its threat level and shares how Microsoft architects its cloud services to maximize data security and protect against data loss. Jeremy and Mark also give pro tips to protect against credential loss and contain the risk of user-driven shadow IT. 


Cloud security and data privacy are top themes this week and with many IT departments returning from quiet summer months, we thought we’d continue to tackle the topic of security and the most commonly heard threats. This week we’re privileged to invite cyber security expert and author of some of the best cyber security thriller novels, Mark Russinovich, back to the Garage Series.

Last week we described the processes for detecting anomalous behavior and intrusion with Matt Swann – if you haven’t checked out that show, it’s available on demand along with the entire Garage Series catalog. This week, we go beyond intrusion detection to discuss the top 5 threats we most often hear from companies and institutions considering Microsoft cloud services from Office 365 to Microsoft Azure.

  • Malicious Insiders
  • Data Breach
  • Data Loss
  • Insufficient Due Diligence
  • Account Hijacking

All of these threats have been popular in the media lately and each have corresponding controls architected into the Office 365 and Azure services as part of a proactive assumed breach approach where we default assume that a sophisticated enough attacker will find a means to compromise the service. Services are architected with built-in network and resource isolation to limit the attack surface. And beyond the defense in depth measures architected into the service we also explore what you can do as an administrator to mitigate risk such as delegating appropriate levels of access to administrators and users along with safeguards like multi-factor authentication. These controls are ultimately up to you to configure and manage. Of course we talk about all of this and rate each of the threat levels across our top 5 list on the show. Watch the show and find out more – also let us know what tops your list in comments or via @markrussinovich and @officegarage on Twitter.

See you soon!

Jeremy Chapman


More resources

From Inside the Cloud Video Channel

Garage Series Video Channel

Garage Series Season 1 Blog Archive

Follow @OfficeGarage on Twitter

Office 365 Garage Series Apps for Windows Phone and Windows 8


About the Garage Series hosts

By day, Jeremy Chapman works at Microsoft, responsible for optimizing the future of Office client and service delivery as the senior deployment lead. Jeremy’s background in application compatibility, building deployment automation tools and infrastructure reference architectures has been fundamental to the prioritization of new Office enterprise features such as the latest Click-to-Run install. By night, he is a car modding fanatic and serial linguist. Mark Russinovich works at Microsoft in the Azure product team as a Technical Fellow, Microsoft’s senior-most technical position. Mark earned a Ph.D. in computer engineering from Carnegie Mellon University and he joined Microsoft when it acquired Winternals Software, which he co-founded in 1996. He is also author of the popular Sysinternals Windows administration and diagnostic tools. He is coauthor of the Microsoft Press Windows Internals book series, a contributing editor for TechNet Magazine, and a senior contributing editor for Windows IT Pro Magazine. Mark is also a popular speaker at industry conferences like Microsoft TechEd, BlackHat and RSA Conference.




Category: Office 365; News
Published: 9/3/2014 20:35