C
Chauncey Larsen
Surface products are built with customer trust at the forefront. Maintaining this trust requires ensuring the security of our physical, logistics, and software supply chains. By applying rigorous security controls across the entire Surface lifecycle, Microsoft and our suppliers ensure that the software powering Surface devices is secure, reliable, and meets customer expectations.
Surface products are designed to be ‘Born Secure’. This involves applying Microsoft security principles in cyber, physical and logistics security. Surface applies these security controls across all areas of product making, including software, hardware, and services. The following summarizes the security controls applied throughout the product build and ship lifecycle.
Surface devices have a long product lifecycle, spanning many years from conception to retirement. They are made of silicon, hardware, software, firmware and security configurations produced by Microsoft and our suppliers. We take a holistic approach to address supply chain security in Surface by applying security controls across all phases, including conception, design, development, production, delivery and maintenance.
Securing the supply chain requires explicit trust in the physical and digital supply chains of component and product producers. Device supply chain security includes hardware and component security along with software security.
Microsoft and Surface have taken proactive measures by conducting supplier audits to identify and address the top three supply chain threats: ransomware, phishing, and malware. Through collaboration and education, we work closely with suppliers and factories to ensure our hardware products incorporate Microsoft's standards-based manufacturing security system.
In addition to supplier audits and logistics security controls, Surface participates in worldwide shipping and transportation programs aimed at enhancing the security of global trade. These programs include the Customs-Trade Partnership Against Terrorism (C-TPAT) and the Transported Asset Protection Association (TAPA). C-TPAT is a voluntary initiative by the US Customs and Border Protection agency to prevent terrorism and smuggling by building cooperative relationships with importers, carriers, brokers, and other trade partners. As a global industry association, TAPA establishes standards and best practices to protect high-value cargo from theft and hijacking. By joining these programs, Surface demonstrates its commitment to secure and efficient supply chain operations.
Surface Software and Firmware are built with the principles of 'Secure by design, secure by default and secure in deployment’. These principles are foundational to Microsoft product development philosophy and are embodied in Surface development. Surface relies on Microsoft's product security in Windows, and Windows applications integrating these measures into Surface software and firmware. Surface firmware resiliency helps ensure the integrity of all software and firmware from the moment of cold/warm boot, even before any Windows OS security is in place. Surface's commitment to security principles is reflected in the Secure Development Lifecycle (SDL) applied across our products.
Surface devices are powered by software that delivers the functionality and user experience that customers expect. Ensuring software supply chain security involves verifying that the software components and updates delivered to Surface devices are authentic, secure, and reliable. This process covers the entire lifecycle of software development and delivery, from design and coding to testing and deployment.
We have evolved the Secure Development Lifecycle to adapt to the changing threat landscape and regulatory demands such as the US Executive Order 14028 (“Improving the Nation’s Cybersecurity”). Our latest SDL updates focus on simplicity, automation, and providing developers with guidance and guardrails. We leverage enforcement mechanisms within our development and cloud platforms to enforce SDL requirements early in the development lifecycle. For example, we scan code for potential exposure of sensitive information before it's committed to version control and ensure that code is reviewed by someone other than the author before submission.
While minimizing vulnerabilities is a key focus, we have also invested in finding vulnerable code across our products and services. We use CodeQL, a powerful static analysis tool, to identify security issues and potential vulnerabilities in various programming languages.
Software supply chain security is critical for customer trust because software can be compromised or tampered with at various stages of the supply chain, either intentionally or unintentionally. Malicious actors can exploit vulnerabilities in the software code, insert malicious code, or modify the software configuration to compromise the security and privacy of the device and its data. Errors or bugs can also introduce security risks or degrade the performance of the software.
A dependable development infrastructure is essential for providing reliable software. Surface takes advantage of Microsoft's engineering system, which integrates Zero Trust security principles that extend beyond identity, device, and access. This includes measures to secure our developers, such as phishing-resistant Multi-Factor Authentication (MFA), conditional access policies requiring managed, healthy devices for accessing DevOps web applications, replacing Personal Access Tokens (PAT) with Managed Identities, and applying the principle of least privilege when managing version control and build configuration. The engineering system also maintains a Software Bill of Materials (SBOM) for all products and ensures that a Software Development Lifecycle (SDLC) practice is implemented for all packages. Surface products generate build manifests in easily shareable and consumable open formats. SBOMs are a crucial component of software supply chain security for all our products.
Microsoft Devices are heavily investing in security by 'shifting left' security architecture, resulting in a more secure product and ecosystem for the customer. By applying security controls earlier in the product lifecycle, we can discover and address potential vulnerabilities sooner, reducing the attack surface and enhancing the overall security of our products.
This proactive approach to security, combined with our commitment to collaboration and education with our suppliers and third parties, ensures customers can trust in the security and reliability of Surface.
Continue reading...
Born secure: A holistic security approach
Surface products are designed to be ‘Born Secure’. This involves applying Microsoft security principles in cyber, physical and logistics security. Surface applies these security controls across all areas of product making, including software, hardware, and services. The following summarizes the security controls applied throughout the product build and ship lifecycle.
Surface devices have a long product lifecycle, spanning many years from conception to retirement. They are made of silicon, hardware, software, firmware and security configurations produced by Microsoft and our suppliers. We take a holistic approach to address supply chain security in Surface by applying security controls across all phases, including conception, design, development, production, delivery and maintenance.
Securing the supply chain requires explicit trust in the physical and digital supply chains of component and product producers. Device supply chain security includes hardware and component security along with software security.
Manufacturing and hardware security
Microsoft and Surface have taken proactive measures by conducting supplier audits to identify and address the top three supply chain threats: ransomware, phishing, and malware. Through collaboration and education, we work closely with suppliers and factories to ensure our hardware products incorporate Microsoft's standards-based manufacturing security system.
In addition to supplier audits and logistics security controls, Surface participates in worldwide shipping and transportation programs aimed at enhancing the security of global trade. These programs include the Customs-Trade Partnership Against Terrorism (C-TPAT) and the Transported Asset Protection Association (TAPA). C-TPAT is a voluntary initiative by the US Customs and Border Protection agency to prevent terrorism and smuggling by building cooperative relationships with importers, carriers, brokers, and other trade partners. As a global industry association, TAPA establishes standards and best practices to protect high-value cargo from theft and hijacking. By joining these programs, Surface demonstrates its commitment to secure and efficient supply chain operations.
Software and firmware security
Surface Software and Firmware are built with the principles of 'Secure by design, secure by default and secure in deployment’. These principles are foundational to Microsoft product development philosophy and are embodied in Surface development. Surface relies on Microsoft's product security in Windows, and Windows applications integrating these measures into Surface software and firmware. Surface firmware resiliency helps ensure the integrity of all software and firmware from the moment of cold/warm boot, even before any Windows OS security is in place. Surface's commitment to security principles is reflected in the Secure Development Lifecycle (SDL) applied across our products.
Surface devices are powered by software that delivers the functionality and user experience that customers expect. Ensuring software supply chain security involves verifying that the software components and updates delivered to Surface devices are authentic, secure, and reliable. This process covers the entire lifecycle of software development and delivery, from design and coding to testing and deployment.
We have evolved the Secure Development Lifecycle to adapt to the changing threat landscape and regulatory demands such as the US Executive Order 14028 (“Improving the Nation’s Cybersecurity”). Our latest SDL updates focus on simplicity, automation, and providing developers with guidance and guardrails. We leverage enforcement mechanisms within our development and cloud platforms to enforce SDL requirements early in the development lifecycle. For example, we scan code for potential exposure of sensitive information before it's committed to version control and ensure that code is reviewed by someone other than the author before submission.
While minimizing vulnerabilities is a key focus, we have also invested in finding vulnerable code across our products and services. We use CodeQL, a powerful static analysis tool, to identify security issues and potential vulnerabilities in various programming languages.
Secure development practices
Software supply chain security is critical for customer trust because software can be compromised or tampered with at various stages of the supply chain, either intentionally or unintentionally. Malicious actors can exploit vulnerabilities in the software code, insert malicious code, or modify the software configuration to compromise the security and privacy of the device and its data. Errors or bugs can also introduce security risks or degrade the performance of the software.
- Secure development: Microsoft and its suppliers use secure development methodologies and tools to ensure that the software code is free of vulnerabilities, follows coding standards, and meets security requirements. Regular security reviews, audits, and testing help identify and fix any security issues before releasing the software.
- Secure signing: Microsoft and its suppliers digitally sign the software components and updates with cryptographic keys that are securely stored and managed. Digital signing ensures the authenticity and integrity of the software and prevents unauthorized modifications or tampering.
- Secure delivery: Microsoft and its suppliers use secure channels and protocols to deliver the software components and updates to Surface devices. This ensures that the software is encrypted in transit and verified by the device before installation, protecting against man-in-the-middle attacks, replay attacks, or denial-of-service attacks that could disrupt the software delivery or installation.
- Secure update: Microsoft and its suppliers provide timely and regular software updates to Surface devices to address any security vulnerabilities, bugs, or performance issues. Surface devices support automatic and manual update mechanisms for secure and convenient installation. Additionally, rollback and recovery features allow customers to restore the device to a previous software state if needed.
Reliable development infrastructure
A dependable development infrastructure is essential for providing reliable software. Surface takes advantage of Microsoft's engineering system, which integrates Zero Trust security principles that extend beyond identity, device, and access. This includes measures to secure our developers, such as phishing-resistant Multi-Factor Authentication (MFA), conditional access policies requiring managed, healthy devices for accessing DevOps web applications, replacing Personal Access Tokens (PAT) with Managed Identities, and applying the principle of least privilege when managing version control and build configuration. The engineering system also maintains a Software Bill of Materials (SBOM) for all products and ensures that a Software Development Lifecycle (SDLC) practice is implemented for all packages. Surface products generate build manifests in easily shareable and consumable open formats. SBOMs are a crucial component of software supply chain security for all our products.
Shifting Left Security by Design
Microsoft Devices are heavily investing in security by 'shifting left' security architecture, resulting in a more secure product and ecosystem for the customer. By applying security controls earlier in the product lifecycle, we can discover and address potential vulnerabilities sooner, reducing the attack surface and enhancing the overall security of our products.
This proactive approach to security, combined with our commitment to collaboration and education with our suppliers and third parties, ensures customers can trust in the security and reliability of Surface.
Continue reading...