Microsoft CEO Satya Nadella says cloud-first Microsoft’s scope means it can help make IT more secure, but industry collaboration is needed
In 2002, Bill Gates sent out a now famous memo outlining how security was to become the top priority at Microsoft, with all other projects – including what was to become Windows Vista – side-lined until its products were as secure as they could be.
Now in 2015, Satya Nadella says the new cloud-first Microsoft is uniquely positioned to protect businesses and consumers from the array of cyber threats as people and companies move away from fixed perimeter computing and into a constantly connecting world.
Speaking at the Government Cloud Forum in Washington DC, Nadella alluded to Gates’ memo and said customers across all industries needed to be able to trust its products, whether its Xbox Live, Office 365 or Windows.
“There isn’t a part of the economy … that is not using digital technology to drive innovation. But customers are not going to use this technology if they can’t trust it.
“When it comes to privacy, we will ensure your data is private and under your control. When it comes to compliance, we will manage your data in accordance with the law of the land. We will also be transparent about both the collection of data and the uses of data. And lastly, we will ensure all your data is secure.”
“These are the four strong commitments that we will make in everything we do in all our products, all our services, how we work with our customers both proactively and reactively. It’s grounded in these four principles.
Constantly connected security
Nadella said previous approaches to security had focused on fixed infrastructure around which a perimeter fence could be erected – an approach he said wouldn’t work in a cloud, BYOD era and as we move towards the Internet of Things.
“We live in a world where the attacks can come from anywhere,” he noted, adding that attackers were much more sophisticated and organised than in the past.
However, Nadella said Microsoft’s scope allowed it to understand threats more accurately and respond accordingly. For example, it issues a billion updates a month to Windows systems and inspects 200 million emails a month for malware.
“We run some of the biggest Internet services on the consumer side like Xbox Live as well as the business and commercial side with services like Office 365 and Dynamics and Azure.,” he said. “That gives us a pretty unique perspective on what’s happening, a great sampling of what’s happening in term of both the attack vectors and how one responds to them.”
“We think of Windows as a service so we can ensure compatibility and security of Windows endpoints continuously. It’s no longer about just giving you the tools but actually ensuring the security of your data in the service.”
Nadella called the issue of cybersecurity as one of the most “pressing” issues of our time and said industry as a whole needed to work together. He said the top eight data breaches in 2015 alone had resulted in 160 million customer records being breached and cost $3 trillion worth of market value.
“It’s not just something limited to the services we run,” he said. “The knowledge we gain is something we share broadly with the industry and with our customers because it’s going to take us all to come together to combat this.
“So, the approach we are taking has three key elements to it. The first is building out a comprehensive platform for you to be able to run that loop from protection to detection to response.”
“Second, we complement that with this intelligence fabric that we have and this operational security posture that we have, as well as a set of proactive and reactive services that we will have in the field, so we can help secure your environment on a continuous basis.”
“And lastly, it is about partnering broadly, partnering with the rest of the IT industry, because we know we don’t live in isolation. You all have a heterogeneous environment, and we need to operate within it.”