At the Security World 2016 organised by the Ministry of Public Security in Hanoi last week, VIR talked to Keshav Dhakad, regional director of Microsoft Digital Crimes Unit (DCU) for the Asia region about Microsoft’s role of trusted advisor in the security worldwide.

How do you assess the cyber security in Vietnam?

Vietnam, which is increasing its investments in IT Infrastructure, consumption and modernisation of businesses, banking  and finance industry, and government departments and public services, is increasingly facing the cybercrime attacks and threats, unless cybersecurity is given a comprehensive attention.

The general cyber threats are of all kinds - from compromise of systems, online banking fraud, denial of service attacks (DDoS), theft of business data, stealing confidential information and disruption of IT based services.

The problem becomes more compounded when there is a lack of awareness and sensitisation around risks from cybercrime, poor IT management and governance, insufficient cybersecurity practices, and unsecure IT supply chain through large scale use of non-genuine/pirated software.

A report by Vietnam Information Security Association (VNISA) has provided some good insights into the challenges and opportunities.

As the world’s leading IT company, what is Microsoft doing to cope with cyber crimes?

Microsoft has the longest experience in the IT industry in cybercrime issues, which provides us a very unique perspective of rising cybersecurity challenges and how to effectively deal with the trends.

We invest over $1 billion every year in security alone through innovation research and development (R&D) and strategic accusations.

For Microsoft, cybersecurity is a No.1 priority to protect its platform and infrastructure, which translates to protecting and providing security to its large customer base.

With Trustworthy Computing (TWC) initiative, which started 14 years back, an extensive attention was paid to how Microsoft engineers were coding the software in a highly secure way, to make the software inherently secure.

On top of it, Microsoft has made huge investments in building a security “built-in” strategy for all its products and cloud services, which enables our customers to protect, detect and respond faster.

What makes Microsoft very effective in analysing and assessing the rising cybercrime threats is its global security intelligence graph – a collection of high value threat intelligence through billions of end-points/systems where Microsoft software is being consumed, which gives the company visibility to the latest threats across the world.

It’s a very unique way to use “infrastructure as a sensor” to have the best intelligence in place.

Security innovations in Windows 10, enterprise grade security in Cloud solutions (Azure, Office 365 and InTune), investments in Machine Learning by way of advancements in advanced threat analytics, behavioural analytics, log analysis, access and identity management, and high-end security services, are just few examples of Microsoft’s efforts in bringing “trust” before our customers and partners.

Besides TWC, Microsoft other core assets in cybersecurity are Enterprise Cybersecurity Group (ECG), for providing best security services and solutions to its enterprise customers, Cyber Defense Operations Center (CDOC), a 24/7/365 facility manned by top security team experts in the company, to protect, detect and respond to threats to its infrastructure, facilities and customers, and the Cybercrime Center, home to Microsoft Digital Crimes Unit (DCU), a team having unique capability to disrupt cybercriminal activities at a global scale through a strong public-private partnerships. DCU also has strong threat intelligence sharing partnerships with CERTs, ISPs & Banks.

What can Microsoft offer to improve the cyber security in Vietnam?

Microsoft brings a comprehensive IT ecosystem and expertise to support cybersecurity efforts in Vietnam, particularly, through its trusted Public Cloud platform.

Microsoft has recently signed a Government Security Program (GSP) agreement with the Vietnamese government, through which it would provide designated government agencies online access to source code, information sharing of threats and vulnerability information, technical data about products and services, access to tools, and access to deeper source code review at a Microsoft Transparency Center.

Are there any differentiations between Microsoft’s security products and solutions compared to others’?

We are not competing in the security space with anyone, as much as we wish to differentiate our strong ability to provide “built-in” security capabilities of our product and cloud services, as compared to “bolt on” traditional practices.

Our Trusted Cloud principles, practices and investments around (i) privacy by design, (ii) built-in security, (iii) continuous compliance, (iv) and transparency services, provide a comprehensive peace of mind on security to our customers, while providing tremendous productivity, mobility, and cost benefits.

VIR