Microsoft Operational Security (original) (raw)

Practices to help establish a scalable process for improving operational security in cloud-based infrastructure.

Operational Security

As more and more businesses move to the cloud, it’s essential to ensure our services are more resilient to attack by decreasing the amount of time needed to prevent, detect, contain, and respond to real and potential cybersecurity threats, thereby increasing the security of services for customers. Effective operational security spans many domains—including physical security, staffing controls, asset management, and others—which are documented in numerous standards and frameworks. Operational Security outlines security engineering practices that organizations should adopt and is a framework used to improve core aspects of operational security of online services.

Practices

Operational Security incorporates the knowledge gained through capabilities that are unique to Microsoft, including the Microsoft Security Development Lifecycle (SDL), the Microsoft Security Response Center program, a deep awareness of the cybersecurity threat landscape, and data from industry standard tools. Operational Security combines this knowledge with the experience of running millions of servers in data centers globally that deliver massive-scale online services to customers and enterprises globally.