- V3 Apps
Despite growing media concern over advanced persistent threats (APTs), Microsoft sees firms being able to protect themselves against most common attacks by adopting a core set of policies and best practices.
Microsoft Trustworthy Computing director Jeff Jones told V3 that the company keeps a set of core practices which, if adhered to, can give firms a solid base for warding off many security threats.
Jones said that techniques including diligent patching of both applications and the operating system, combined with maintaining security whitelists and limiting who gets administrator-level security clearances can help to greatly reduce the risk of attacks.
Cloud computing was also an area where Jones sees an opportunity for firms to improve security with minimal time and money spent. He noted that smaller firms in particular stand to benefit from the use of cloud security platforms.
"Having cloud services immediately lets them get to best practices on security," he explained.
"I think that even in broader scales for big organisations, if they invest they can get some of those rare skills, cloud gives a vehicle for consolidating that and getting that top level of expertise."
The Microsoft executive cautioned firms against getting too caught up in protecting against APTs and instead said that they should stick to security basics and focus on limiting what APT attacker could do once inside the network.
"We have to accept that persistent attackers are going to get in. If you take that as an assumption you take a whole different approach," he explained.
"If you assume that someone with enough focus can get in, you think about some other things which become important."
Microsoft has come out firmly against security panic at this year's RSA conference. Executive Scott Charney opened up the conference by telling attendees that the company's outlook on the market is far more optimistic than the gloomy picture painted by some pundits.