Security Developer Center

ACE Services

The ACE Services team is a part of Microsoft IT’s Information Security group. The team was chartered to deliver the same security and performance services to Microsoft's customers and partners that ACE has been providing to internal Microsoft teams for over 7 years.  Our services are designed to help protect and optimize businesses and to ensure that:

  • Developers build the appropriate security controls into their application development processes and teach them skills and techniques needed to produce secure and reliable systems;
  • Infrastructure Architects and Engineers understand how to design and build secure and reliable, high performance infrastructure platforms to support their business objectives; and
  • IT and security leadership teams gain the benefit of the lessons and experiences gained by Microsoft IT security in protecting one of the world’s most heavily attacked environments, as well as tools and methodologies that allow them to move from reactive security to a more effective and efficient proactive security program.

ACE History

ACE’s ability to deliver effective, world-class security and performance services to Microsoft customers is no accident, but rather a product of ten years of security and performance work inside Microsoft IT. Some key highlights in our history include:

1999– ACE was formed to conduct performance testing and optimization of Microsoft’s key Line of Business (LOB) applications. This “senior function” of ACE remains one of our core functions for both internal and external customers today.

2001– ACE’s mandate was expanded to include the security assessment of Microsoft LOB applications. ACE Security was born.

2002– ACE’s mandate was again expanded to include privacy assessments.

2004– ACE released our first free tools to the development community with the initial versions of the Threat Analysis and Modeling tool and the Anti Cross-Site Scripting Library. 2004 also marked the birth of ACE Services, mandated to expand our service audience in order to give Microsoft customers access to our staff, processes and IP through Microsoft’s Services organization (Microsoft Consulting Services and Premier Support organizations). ACE Consultants began working with customers around the world to build secure and reliable businesses.

2008– ACE’s role was expanded again, moving Microsoft IT Information Security’s Infrastructure and risk assessment teams into the ACE organization. ACE now includes world-class performance, application, infrastructure security and risk management professionals positioned around the globe, available to serve both internal Microsoft security needs as well as our customers’ security and performance needs.









ACE Training

Security and performance are at the forefront of concerns faced by developers and engineers in current computing environments. In order to produce products that perform robustly and are resistant to attack, both commercial and “in-house” software development teams realize that it is critical to include security and performance throughout the software and infrastructure development processes.

The ACE training service was created by building on the wealth of security and performance knowledge that Microsoft IT has acquired through years of application and network security planning and development.

ACE security and performance training will provide your team with the focused information that it requires in order to understand, appreciate and appropriately address the most common security and performance problems in an enterprise IT environment. As a result, your teams will produce secure and reliable networks and applications.

Why Take ACE Security or Performance Training?

Our training service is based on years of hands-on experience in performing security and performance reviews, and in creating, interpreting, and enforcing security policies and standards. Microsoft experts have taken the lessons that they learned while implementing the Secure Development Lifecycle-IT (SDL-IT) atMicrosoft, and used this knowledge to create comprehensive training content. As a result, you can apply these concepts and best practices in your own development processes, infrastructure design and risk management methodologies.

Custom Content for Your Organization

To ensure that your support team gets the most from the training, sessions are delivered by Microsoft experts with extensive knowledge of the SDL-IT process.

By engaging Microsoft to train your IT and development staff, you are preparing your team to appropriately identify and mitigate host-level and network-level vulnerabilities.

For more information about consulting and support offerings from Microsoft, contact your Microsoft Services representative or visit www.microsoft.com/services.

Workshops

Secure Application Development

Ensure your development staff is current in security development best practices to eliminate the most common vulnerabilities from your applications.

Secure Application Deployment

Ensure that your applications are deployed on the most securely possible platforms.

Secure Tools

Learn how to apply the tools used by Microsoft IT security engineers to monitor and improve your own environments.

Application Threat Modeling

Learn how to develop and employ threat modeling to gain a proactive advantage in your application security program.

Application Performance Testing

Gain insight into the tools and methods used by the MSIT Information Security Performance team to ensure the high performance and availability of Microsoft Applications and Services.

Public Key Infrastructure Design and Operations

Learn how to plan, design, and operate a robust, secure and flexible Public Key Infrastructure (PKI) from Microsoft IT’s top PKI experts.

Microsoft Windows Vista Security

Uncover the security changes and improvements in Microsoft’s next generation client operating systems as well as learning methods to identify and reduce application compatibility issues.

Information Security Controls Assessment Training

Get the edge on security by effectively monitoring and evaluating your organization’s security controls.

Secure MOSS Design and Envisioning

Ensure that your Microsoft Office SharePoint Services (MOSS) deployment is structured securely from “the ground up.”

SDL-IT Workshop

A unique leadership workshop allowing your organization to explore the development and evolution of MSIT’s SDL-IT processes and begin to apply them to your own organization

Case Study Videos

Contact Us

Microsoft ACE Services is continually adding to our security service offerings to provide a holistic risk management solution to our customers. These include consulting in areas such as PKI, RMS, MIIS, Windows Vista Security, etc. For more information, please contact acesvc@microsoft.com.

Page view tracker