With users becoming increasingly concerned about cybersecurity, it’s no surprise that Amazon, Google, and Microsoft have taken measures to protect their users from cyber threats. Several organizations have already had significant data breaches this year, including CNA Financial and Acer. An active exploit of four zero-day vulnerabilities in Microsoft’s Exchange Server resulted in a mass cyberattack that affected millions of Microsoft clients worldwide. Among the companies affected by the attack are over 60,000 private companies in the US alone. Considering the demand for cybersecurity measures, and what happens when they fail, here’s how Amazon, Google, and Microsoft have worked to compete against the threat.
Compared to some of the other big tech brands, Amazon has had markedly fewer problems with data breaches. They have taken steps specifically to secure their cloud services and smart speakers.
Amazon’s Approach to Cybersecurity
The company’s cybersecurity and data protection efforts go beyond their own users’ data. They also include Amazon Web Services (AWS) and smart home security. Cloud computing, database storage, and other functions are the focus of AWS, a division of Amazon. Enterprise-level AWS clients include Netflix, Expedia, and NASA. Many high-profile security breaches were caused by incorrect AWS configurations, including Accenture, Uber, and Time Warner.
In response, Amazon is no longer relying entirely on its clients to secure their data following these errors. Amazon has worked to enhance AWS’ user interface and control access. As part of their compliance efforts, they have deployed GuardDuty, a threat detection service. In addition, Amazon has launched a machine learning-based security service, Amazon Macie, for AWS. AWS users can also utilize Amazon’s management of encrypted data storage patent. Businesses in sectors such as finance, medicine, and hospitality – where ensuring user privacy is crucial – find this to be particularly useful.
When it comes to Alexa’s cybersecurity, Amazon has taken steps to ease users’ concerns, including providing more detailed information about when users are being recorded, how data is used, and how to delete recorded data.
A tougher app review process for Alexa devices has been implemented by Amazon, and information transmitted between Amazon’s devices and Echo devices is now encrypted.
Two breaches were reported around Google+ in 2018. While Google+ was already shutting down due to low engagement rates and the recent data breaches, the service was forced to close early. As well as better audits, Google is also working to improve cybersecurity measures, especially for enterprises.
Google’s Approach to Cybersecurity
Data protection has been a focus for Google over the past several years. In 2018, Project Strobe was launched to determine why users were not engaging with Google products and services due to security and privacy concerns specifically. It examined third-party developer access to Google account data and data on Android devices. Google+ was one of the main points of its report, but it also improved and upgraded users’ control over account settings and permissions. Mobile apps appearing on Android mobile devices were also subject to new limitations on how they could access services such as Gmail and call logs.
A similar attempt is being made by Google to protect high-risk Gmail users such as journalists, activists, business leaders, and political campaign teams. Area1 Security estimates that 65% of candidates in the 2018 US midterms used Gmail accounts. Protection efforts for these users include more advanced features such as two-step verification for sign-in and account access restrictions to third-party apps.
The company has launched another subsidiary, Chronicle, from its moonshot factory, X. Chronicle’s a new platform that provides threat signals that can help users protect thousands of petabytes of data. All of this data can be searched for viruses, hacks, and security breaches more quickly with it centrally located, not spread across multiple tools and operating systems.
Google has also been focusing on enterprise-grade cloud security with recent patents. A recent patent describes access control for user-related data as a method for detecting potential big data leaks while deploying encryption technology so the data remains private.
Considering how widely Microsoft reaches across enterprise systems, they are especially focused on protecting data and ensuring cybersecurity. Because they are in the running for JEDI contracts (along with Amazon and Oracle), they also have focused heavily on improving cloud security.
Microsoft’s Approach to Cybersecurity
Microsoft is taking a serious role in election security while also emphasizing cloud security, especially around their cloud computing service, Azure. In both the US and Europe, the company has developed programs dedicated to election security. With threat detection and security guidance, Microsoft AccountGuard offers these services to the leaders and employees of organizations for their accounts. AccountGuard also comes with a program called Defending Democracy, which is aimed at preventing hacking and disinformation campaigns against organizations that support democracy. The programs are offered throughout the United States, as well as in Europe.
According to the Tech Republic, Microsoft invests over $1 billion a year in data security and protection. The increasing enterprise use of Azure, and its impact against Amazon’s market share, make it even more critical that Microsoft invests in innovation and artificial intelligence to keep pace with what are estimated to be 7 trillion cyberthreats per day.
Homomorphic encryption (HE) is being considered by Microsoft, as well. Data can be processed using homomorphic encryption without having to be decrypted beforehand. Data for the set is still available, but it is encrypted, protecting your privacy. The Simple Encrypted Arithmetic Library (SEAL) of Microsoft with homomorphic encryption was moved to an open-source repository on GitHub in late 2018. Microsoft and other stakeholders, including Intel, IBM, and SAP, have been pushing for HE standards.
Microsoft has been working on several patents related to HE standards, as of late. Patents granted in 2016 and 2018 describe various methods of securing encrypted data in the cloud and how data can be shared while remaining encrypted.
Microsoft may be able to secure data access utilizing biometric-related technologies like handwriting scanning, voice recognition, and computer vision as AI and natural language processing (NLP) combine.
Additionally, Hexadite was acquired by Microsoft in 2017 to enhance cybersecurity by providing faster detection and remediation of threats with Windows Defender Advanced Threat Protection. This uses Hexadite’s next-generation security threat investigation capabilities.
Data security is becoming more important to end-users, and big tech companies are striving to continue offering tools and services to users while still protecting their data. It is in Amazon’s, Google’s, and Microsoft’s (AGM) interest to improve cybersecurity. By extending their focus on data protection through policies, patents, and leveraging startups, these organizations are expanding their focus on user trust. Consumers and businesses will increasingly rely on cybersecurity practices as they decide how to share data and AGM will continue to excel if they keep it a top priority.