How do Amazon and Microsoft address cybersecurity?

Tech giants like Facebook, Amazon, Microsoft, Google, and Apple (FAMGA) are investing heavily in data security.

　　If we talk about the companies that are being watched the most closely, they are the giants that are closest to consumers - Facebook, Google and Apple. However, data security is not just a problem for Facebook.

　　In fact, a CB Insights report states that these tech giants track our behavior, store our financial information, know where we work and live, what products we buy, and more. Therefore, each of them needs to take action.

　　As they take action, the giants prioritize cybersecurity initiatives in two different areas:

　　First, personal data.

　　Personal data has become the most sought-after commodity in the digital age. Even Jack Ma has said that Alibaba is not a retail company, but a data company. As you can see, because it is so valuable and not fully understood, the general public has only recently begun to understand the scope of data collected by large technology giants.

　　Second, enterprise data. Almost all large companies, from healthcare to finance, have back-end systems that are built around the services provided by Big Tech.

　　So, how do the remaining two enterprise service giants, Amazon and Microsoft, respond? Today, Silicon Valley Insight Institute continues to compile and organize CB Insights' research report "How Big Tech Is Finally Tackling Cybersecurity" to see how technology giants deal with cybersecurity issues.

　　Amazon: Focus on AWS + smart home security

　　Amazon hasn't had nearly the data breach problems that some other tech giants have. It has suffered only a few notable controversies over the years.

　　Before Black Friday last year, the company cited a "technical error" on its website that published some undisclosed customer names and email addresses.

　　For Amazon, the bigger scandal in 2018 was the possibility that its smart speaker Echo could record conversations through Alexa and send them to other users. Amazon addressed the issue in a statement, saying that a series of accidentally issued Alexa commands caused the problem.

　　In short, Alexa could be listening in on what you’re saying. With the smart speaker market exploding and expected to continue growing over the next five years, this is an issue that will only continue to gain traction.

　　This means that in addition to protecting its own user data, Amazon has two main areas of focus for cybersecurity and data protection: Amazon Web Services (AWS) and smart home security.

　　As we all know, AWS is a division of Amazon that focuses on cloud computing, database storage and other functions. It has a huge enterprise-level customer base, including some of the world's largest companies - such as Netflix, Expedia and NASA.

　　Of course, Amazon is also a cloud services provider to the U.S. government.

　　In November 2017, Amazon announced its "AWS Secret Region" as "the first and only commercial cloud provider to offer government workloads in regions including Unclassified, Sensitive, Secret, and Top Secret." The company is also competing to win a $10 billion contract called the Joint Enterprise Defense Infrastructure (JEDI), which will allow it to provide cloud services to the Department of Defense.

　　But even AWS services have had several security breaches due to incorrect settings and configurations.

　　For example, Accenture, Uber, and Time Warner are all AWS users. Uber was involved in an incident that exposed 57 million customers.

　　(Techcrunch report on data breach)

　　In light of these blunders, Amazon no longer fully leaves data security in the hands of its customers.

　　The company has since worked to improve the AWS user interface to help better manage and control access. It has also implemented GuardDuty, a threat detection service for protecting AWS accounts. The company has also launched additional AWS services for security, including the machine learning-powered Amazon Macie.

　　Improving settings might seem harmless, but research shows that most security breaches in cloud services are due to incorrect settings, and the average cost of a data breach is $6.5 million, according to Cloudnosys.

　　(Source: Cloudnosys. The cost of data breaches in 2017, 95% of cloud service security breaches were caused by setting errors, the average cost of data breaches was $6.53 million, hard intellectual property theft increased by 56%, and 70% of consumers said they would avoid continuing to use services after a security breach)

　　Similarly, in terms of patent applications, Amazon has applied for a patent called "Encrypted Data Storage Management," which describes encryption services for AWS users. For companies in industries such as finance, medicine, and hospitality, where protecting users' private data is critical, this is a particularly attractive service.

　　As for cybersecurity related to Alexa, Amazon has so far allayed users' concerns, including providing users with more comprehensive documentation to inform them when they are being recorded, how their data is used, and how to delete recorded data.

　　Amazon also has strict control standards for apps, implemented a more rigorous review process, and began encrypting logged data between Echo devices and Amazon servers.

　　(The flow of data from the customer's device to various parts of the service provider's computer network)

　　In early 2019, Amazon acquired Eero, a San Francisco startup that makes Wi-Fi networking equipment with mesh routers that have built-in cybersecurity services. It was thought that Amazon might use this underlying technology in its smart home products, including smart speakers, to add a layer of protection.

　　Microsoft: Exploring Homomorphic Encryption

　　Microsoft takes data protection and network security very seriously, mainly because of its extensive influence in enterprise systems. However, some security controversies are inevitable:

　　In December 2018, an Indian bug hunter named Sahad Nk discovered a vulnerability in a Microsoft subdomain that could have allowed hackers to access users' Microsoft Office accounts.

　　Microsoft CEO Satya Nadella spoke about the company’s increased focus on cybersecurity during his speech at this year’s Mobile World Congress:

　　"We believe privacy is a fundamental human right. That's why we prioritize cybersecurity, not only for large companies, but also for small businesses and consumers who are often most vulnerable to cyberattacks."

　　According to Tech Republic, Microsoft's total investment in data security and protection exceeds $1 billion per year. This includes cooperation with security researchers around the world and rewards those who discover vulnerabilities. Microsoft paid $2 million for security vulnerabilities last year.

　　In addition to investing money, if we look at the areas where Microsoft focuses, first, it pays special attention to improving the security of its cloud computing service Azure, because Microsoft is one of the companies bidding for the military-focused JEDI contract (there are also Amazon, Oracle, and IBM mentioned above, but Oracle and IBM have been eliminated at present).

　　As enterprise usage of Azure grows and Amazon gains market share, it becomes more important for Microsoft to invest in innovation and artificial intelligence to protect against the estimated 7T of cyber threats per day.

　　Microsoft is also playing a big role in election security, with the company launching two programs specifically focused on election security in the U.S. and Europe.

　　Microsoft Account Guard is a system that will provide threat detection and security guidance for "email systems operated by organizations and the personal accounts of leaders and employees of those organizations who opt in."

　　In addition to the Account Guard program, another feature called the Defending Democracy Program is designed to protect "pro-democracy organizations" from hackers and disinformation campaigns. These programs have been launched in the United States and are now being rolled out in Europe.

　　The third area of ​​exploration is: homomorphic encryption (HE).

　　Homomorphic encryption is a scheme that allows operations to be performed on data without decrypting it. If a user asks for data from that collection, the user will still get the correct answer, but the sources will be encrypted, maintaining privacy.

　　In late 2018, Microsoft moved its homomorphic encryption library (called Simple Encrypted Arithmetic Library, SEAL) to open source on GitHub. This reflects a push by Microsoft and other stakeholders such as Intel, IBM, and SAP to introduce an agreed-upon standard for homomorphic encryption.

　　To this end, Microsoft has begun developing a number of patents in this area.

　　Among them, the 2016 "Encrypted Data Neural Network" patent and the 2018 "Genomic Data for Encrypted Storage and Genomic Computing" patent both focus on methods for protecting encrypted data in the cloud and the ability to share data when encrypted.

　　As AI and natural language processing (NLP) become more integrated, Microsoft also hopes to use biometric-related tools such as handwriting scanning, voice recognition and computer vision to protect access to data.

　　In terms of acquisitions, Microsoft acquired Hexadite, an Israeli company focused on strengthening network security, in 2017. The purpose of this acquisition is believed to be to leverage Hexadite's capabilities in next-generation security threat investigation and apply it to Microsoft's Windows Defender Advanced Threat Protection to identify and fix threats faster.

　　in conclusion

　　As data security becomes more important to end users, tech giants will continue to seek ways to protect data and provide security for the tools and services used by billions of people around the world.

　　Facebook, Amazon, Microsoft, Google, and Apple are all working to strengthen cybersecurity operations in their systems. From updating privacy policies to security-focused patents to tapping startups for help, each company is focusing on data protection to win user trust.

　　Going forward, we can expect that cybersecurity operations will play a vital role in how consumers and businesses decide how to share their data, and that giants like FAMGA will continue to make this a priority.

　　Do you think your data is well protected? Which of these big companies' practices do you think is the most effective?