Microsoft's Chief Information Security Officer Bret Arsenault has taken to the company blog to highlight a new approach to security and dealing with security threats, using Microsoft's technology capabilities. The information was originally shared by Microsoft's CEO Satya Nadella at his keynote in Washington D.C. opening the Microsoft Government Cloud Forum.
The new approach encompasses three areas of security threats management: Protect, Detect and Response: protection now extends to all endpoint of technology including identities and sensors; threat detection is supported by the cloud and machine-learning to be even faster; and response to threats, made more quickly while providing customers with insights.
Microsoft's advantage in having a vast network for data from billions of Microsoft-powered sources is also highlighted. Security innovations included in Windows 10, Office 365, Microsoft Azure and Microsoft Enterprise Mobility Suite (EMS) works together to protect customer data from accidental or intentional loss, password-related attacks, malware installation, and helps detect and respond to successful attacks.
With its technology powering most of the infrastructures of the world, Microsoft has a heavy responsibility in keeping their customers safe from data theft and attacks, becoming even more critical as cloud computing gains increasing importance to the company's portfolio.
“They’ve changed themselves from worst in class to the best in class,” “The change is complete. They started taking security very seriously.” Mikko Hypponen, chief research officer at F-Secure. From NYTimes
It is hardly surprising, then, that Microsoft have been doubling down on its security efforts even more in recent times, impressing even past doubters. The focus is reflected by recent acquisitions and company organization, for example the newly announced Microsoft Enterprise Cybersecurity Group, or the newly-built Cyber Defense Operations Center where security managers across the company gather. Nadella reiterates on the mindset in one of his interviews with the New York Times on the matter, linking it to the consistency of exercising.
“It’s kind of like going to the gym every day,” “You can’t say I’m serious about security without exercising the regimen of keeping security top of mind every second, every hour of the day.”
On the software side, the new Windows Hello shows Microsoft's vision of better data security by getting rid of its weakest link: the password. Advance Threat Analytics, which Microsoft acquired last year from Aorato, provides insights to customers on potential and successful attacks, and built-in security features on Microsoft's products like Office 365 and Windows ensure that even accidental data loss would be prevented. Mobile security, increasingly considerable part of computing, is also addressed, with an announcement of new Intune native apps for Box and Adobe on iOS and Android to prevent accidental data sharing. A number of security enhancements to Azure were also highlighted.
Overall, Microsoft has clearly made keeping the customers' data safety a priority, and while its a hard fight with a few bumps (like the past fiasco with Google's security researchers releasing bugs info before there was a patch,) Microsoft is heading in the right direction. As the company's vision of convergence with Windows 10 comes together and Microsoft's services becomes platform-agnostic, it is more important than ever that a high level of security is maintained across all platforms to build customer trust, and we look forward to the company's signs of commitment in the future.