“Assuming the breach” has been a point of contention within the IT and cloud security community, with some seeing it as a defeatist attitude, but that’s a misconception. It’s really about shift the focus from a one-side purely preventative strategy to include more emphasis on breach detection, incident response, and effective recovery when a breach does (almost inevitably) occur.
This interview with David Cross, Microsoft’s “go to” guy on Azure security, reveals how the “assume breach” approach is helping make Microsoft’s cloud computing services more secure.