Security Update Guide

From the Windows Server Update Services, Microsoft Security Bulletins, and Patch Tuesdays, Microsoft has had a long history in being a leader with security updates. In an effort to modernize the process of informing organizations with needed information, Microsoft is introducing the new Security Update Guide, which is a searchable database that you can use to find updates and filter them based on what you’re interested in. Once you find what you’re interested in, you can then download the list of updates and associated data as an Excel spreadsheet.

Security and SQL Azure

I was doing some research on Security and SQL Azure Databases and found this great article form Joseph D’Antoni (Denny Cherry & Associates Consulting) and Stacia Varga (Data Inspirations) that I highly recommend. The summary states, “This paper details the security and data management features found in Microsoft Azure SQL Database. It first describes the security foundation provided by Microsoft Azure and then explains the techniques and features used to manage data access in SQL Database; to log and monitor database activity; to protect data at rest and in transit; and to build secure applications. By understanding and using these features correctly, you can remain confident that your data in the cloud is protected.”

Virtual Security Summit

vssCyberattacks cost organizations $400 billion a year. It seems nearly every week a new cyberattack is announced, against a corporation, a government agency, or a nonprofit organization. This has made cybersecurity a top issue for IT, Security, Legal and the board room. On March 29th, hear from top security experts and key Microsoft security professionals for a three-hour event Virtual Security Summit dedicated to better understanding today’s Enterprise Security industry.

Microsoft Azure Security

12717841_10154579941974867_7504852617848177652_nLast year (2015) was a big year for Azure Security. Microsoft released a number of new security capabilities such as Azure Disk Encryption, Azure Key Vault, SQL Transparent Data Encryption (TDE) and Column Level Encryption (CLE), Storage Client-side Encryption, and more. On the product/service side we introduced the public preview of Azure Security Center. The year passed like a whirlwind and the pace of change in Azure kept us all on our toes. Let’s take a look at what the Azure Security team and other partners have published last year to help you keep up to date.

Key Length and Encryption Strength

th (1)

Key Length and Encryption Strength

The strength of encryption is related to the difficulty of discovering the key, which in turn depends on both the cipher used and the length of the key.

Encryption strength is often described in terms of the size of the keys used to perform the encryption. Generally, a longer key will provide a stronger encryption. Key length is measured in bits. For example a 128-bit key would be stronger than a 40-bit key.

However, because of the math associated with their algorithms; some ciphers can use only a subset of the possible values for a given key length, while other ciphers can use all possible values for a given key length. Therefore, different ciphers may require different key lengths to achieve the same level of encryption strength.

Here are some links to learn more about Hashing Algorithms, Symmetric Keys, and Asymmetric Keys.