
Microsoft CEO gets personal with IT security

Microsoft’s CEO says it is his mission to discover why large security breaches happen, and outlines his plan to secure data in a world where attacks can happen at any moment

Microsoft CEO Satya Nadella has made it his mission to understand why major security breaches occur.

According to Nadella, 2015 was a tough year for security. “Just the top eight data breaches led to 160 million data records being compromised.”

At an event in the US on 17 November 2015, he revealed that he meets with the Microsoft security review team once a month to look at the major attacks and breaches.

“Every time there is an incident, I call the CEO of the company and I ask, ‘how can we help and what can we learn?’”

For Nadella, operational security has been the biggest change at Microsoft, and he believes tackling security is not just a top priority for Microsoft, but for the whole technology sector.

“The most pressing issue of our time is cyber security. Digital technology can play a positive role in every walk of life, but customers are not going to use this technology unless they trust it. Our mission is to empower every person on the planet to achieve more. This is what drives our technology innovation and trust is at the core of that drive.”

Nadella described a shift in IT security, from the IT perimeter that was commonplace a decade ago, to deperimeterisation, a term first coined by the group of chief information security officers who formed an organisation called the Jericho Forum more than 10 years ago. They recognised that the corporate firewall would no longer be suitable for protecting the latest ways of doing business.

While IT used to work in a locked-down environment, now users bring in their own devices, and some corporate applications are available as cloud-based services, outside of the corporate network.


“There was a time when we could make a strong perimeter around our data, all secure inside the four walls of our environment. Over the past two decades we have extended our networks to touch our customers directly,” said Nadella.

“We are increasingly looking at public cloud and software-as-a-service (SaaS) applications and incorporating people’s devices into our network. We live in a world where the attack vectors can come from anywhere. It is a perimeter-less world.”

Nadella outlined four pillars Microsoft would be working on. The first concerned ensuring data is private and “under your control”; the second is about data being managed in accordance with country laws; the third would be built on Microsoft being “transparent about the collection of data and the use of data”; and the final piece of Microsoft’s strategy is to ensure all data is secure, said Nadella.

At the event, Julia White, general manager for Office at Microsoft, demonstrated how Windows 10 Passport could give smartcard-level security using Windows Hello for biometric authentication. For data loss prevention, she said Azure Active Directory provides conditional access to 2,500 public SaaS applications, as well as internal applications. For malware protection, she said Office 365 looks for zero-day attacks as well as known malware.

White said Microsoft hardened security in Windows 10 over Windows to make it harder for hackers to compromise a machine. “We use virtualisation technology to isolate critical Windows services such as authentication.”

White also showed how Intune, Microsoft’s mobile access management suite, could be deployed to provide conditional access based on an IT policy. The company announced that Box and Adobe will offer the latest Microsoft Intune native apps on iOS and Android to help prevent accidental sharing of confidential corporate data to personal locations or cloud services. Custom SAP Fiori mobile apps, built by customers using SAP Fiori mobile service, will also support Intune mobile app management.

Microsoft has also begun working with Barracuda, Check Point, Cisco Systems Inc, CloudFlare, F5 Networks, Imperva, Incapsula and Trend Micro Inc on a product called Azure Security Center. This will offer advanced, analytics-driven threat detection that Microsoft said would help businesses protect, detect and respond to security threats in real time. Another security product, Advanced Threat Analytics, speeds up the detection of anomalous patterns and then offers recommended configuration changes to protect equipment from current and future attacks, said Microsoft.


Join the conversation



If MS wants to claim that they are serious about security, they should think of withdrawing Windows Hello which allows biometrics.

Whether face, iris, fingerprint, typing, gesture, heartbeat or brainwave, biometric authentication could be a candidate for displacing the password if/when (only if/when) it has stopped depending on a password to be registered in case of false rejection while keeping the near-zero false acceptance.

Threats that can be thwarted by biometric products operated together with fallback/backup passwords can be thwarted more securely by passwords alone. We could be certain that biometrics would help for better security only when it is operated together with another factor by AND/Conjunction (we need to go through both of the two), not when operated with another factor by OR/Disjunction (we need only to go through either one of the two) as in the cases of Touch ID and many other biometric products on the market that require a backup/fallback password, which only increase the convenience by bringing down the security.

Yea!! It's about time! Let's hope it happens. I have had my heart broken by Microsoft and its promises in the past. I guess I can look forward to "the check is in the mail"...

I will believe it when I see it. Is this a response to the fact I see a lot more interest in Linux and open source programs? I think Microsoft may see the writing on the wall. They do have competition and it's gaining popularity.