Microsoft Execs Like What They See in D.C.

Credit EligibleAs a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

Cloud computing introduces many vulnerabilities, but one defense - in at least the minds of some - is to focus on securing the data. But the chief security officer of Microsoft Federal thinks that's a naïve approach.

"Security is a lot of different things," Bill Billings said. "The next tendency is to get to say, 'I can't control everything so I'm going to try to just do the data.' I agree in parts of that, but I also disagree that I wouldn't run a modern operating system or modern enterprise today, nor would I run the cloud without using firewalls, intrusion detection systems and load balancing, and all of that because our customers are protecting data with encryption. It takes all the ingredients to make the apple pie and we have to make sure we can do all that."

Billings, along with Microsoft Federal Chief Technology Officer Susie Adams, discussed a wide range of issues in an interview with GovInfoSecurity.com (transcript below), including:

• Microsoft's involvement with the federal government on various IT security initiatives.
  
• FedRAMP, the new Federal Risk and Authorization Management Program, and how it will help providers more easily deliver cloud computing services to government clients.
  
• Transparency, a key ingredient vendors must offer to earning trust from their governmental clients.

Adams and Billings were interviewed by GovInfoSecurity.com's Eric Chabrow.

ERIC CHABROW: Susie and Bill, why don't you describe what is Microsoft Federal and your roles there?

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

SUSIE ADAMS: Microsoft Federal is responsible for sales to all the federal government worldwide, so not just in the U.S. I am more broad and cover a wide variety of technologies as a CTO.

BILL BILLINGS: I am ultimately responsible for, one, understanding what the government is doing from a security prospective, and driving what I have always referred to as those unique security climates coming out of the federal government, and driving those back into products as well as work with partners to fill those requirements. The second piece to that is also evangelizing, having discussions like is on where Microsoft is going and thinking when it comes to security.

CHABROW: What are the main areas in cybersecurity that Microsoft is involved with the federal government?

BILLINGS: We are involved in quite a few different things. Just earlier this morning, Susie and I were talking with the FedRAMP folks, which is the new initiative to how do you bring clouds into the government from a security prospective. Currently, we are using the FISMA certification addressing accreditation process, and we're working with the government on a new process known as FedRAMP. We are involved with processes, from Common Criteria (for Information Technology Security Evaluation) to FIPS (Federal Information Processing Standards) to SCAP (Security Content Automation Protocol). There are a lot of the processes that the government is involved with and working with industries as Microsoft is right there with them in the trenches working through those.

ADAMS: If you think about what Microsoft does as a company, obviously we are a software company that is now moving into the services arena with our cloud services. We take a very holistic approach to security in general from a defense and depth perceptive as well as things as things like, how do we protect our online services things like Bing (Microsoft's Internet search engine). How do we protect our consumer's desktops and the software that runs on those desktops? How do we do things like anti-virus and spam? It is really a very broad topic specifically of how we help our government customers with security.

CHABROW: Let me shift the grounds a little bit looking at both of you as experts who observe the government. How would you access the job the administration is doing with cybersecurity, and second, how has Microsoft's relationship with the federal government changed since President Obama took office in January 2009?