The Redmond giant is introducing a security-first focus across its entire business following recent cyber attacks.
Microsoft has had a rough year when it comes to cyber security, but the company has announced it is turning over a new leaf and putting security first across everything it does.
Charlie Bell, executive vice-president for Microsoft Security, said in a blog post overnight that in the wake of attacks by two Russian-backed threat actors, the company “must and will do more” when it comes to cyber security.
“We are making security our top priority at Microsoft, above all else – over all other features,” Bell said.
To that end, Microsoft is ramping up and expanding its Secure Future Initiative (SFI).
“We will mobilise the expanded SFI pillars and goals across Microsoft, and this will be a dimension in our hiring decisions,” Bell said.
“In addition, we will instil accountability by basing part of the compensation of the company’s senior leadership team on our progress in meeting our security plans and milestones.”
Microsoft’s new approach to security will be built on three principles – secure by design, secure by default, and secure operations.
This will feed into six expanded security pillars that define Microsoft’s goals: protect identities, protect all Microsoft tenants and production systems, protect and isolate Microsoft production networks, protect engineering systems, monitor threats and detect them, and accelerate incident response and remediation times.
Bell also expanded on Microsoft’s efforts to boost its security governance.
“Microsoft is implementing a new security governance framework spearheaded by the chief information security officer,” Bell said.
“This framework introduces a partnership between engineering teams and newly formed deputy CISOs, collectively responsible for overseeing SFI, managing risks, and reporting progress directly to the senior leadership team. Progress will be reviewed weekly with this executive forum and quarterly with our board of directors.”
More regular meetings will be held between engineering EVPs and the pillar leaders of the Secure Future Initiative, on both a weekly and a monthly basis.
“These meetings work on detailed execution and continuous improvement of security in context with what we collectively deliver to customers,” Bell said.
“Through this process of bottom-to-top and end-to-end problem solving, security thinking is ingrained in our daily behaviours.”
According to Bell, it all comes down to customers being able to trust Microsoft.
“As a global provider of software, infrastructure, and cloud services, we feel a deep responsibility to do our part to keep the world safe and secure,” Bell said.
“Our promise is to continually improve and adapt to the evolving needs of cyber security. This is job number one for us.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.