Microsoft CEO Announces Cyber Defense Operations Center.
But in recent years, Microsoft has worked to clean up its act. Speaking in the nation’s capital on Tuesday morning, Microsoft CEO Satya Nadella said that “2015 has been a tough year” for cybersecurity — something he hopes to change by opening a Cyber Defense Operations Center.In his first moves on cybersecurity in nearly two years as Chief Executive Officer, Satya Nadella is building a dedicated site and assembling a new group of experts to help Microsoft Corp. respond faster to threats across its various products. “This is so that, like any intelligence operation, we don’t have silos,” Chief Executive Officer said Tuesday at a conference in Washington. “We’ll have people who’ll be able to in real-time connect the dots across what’s happening across all of these services.” Cybersecurity and preventing hacking and stolen data has become a key challenge in the software industry after a number of high-profile attacks in recent months, including on Sony Corp., Anthem Inc. and JPMorgan Chase & Co.Satya Nadella came to Washington, DC this morning, and delivered The Microsoft State of Security address, laying out Microsoft’s security vision and all of the tools and technologies that entails.
At the Microsoft Government Cloud Forum in Washington, D.C., Nadella laid out some alarming statistics, including the fact that 160 million customer records have been compromised so far in 2015, and that it takes an average of 229 days to detect a hack. He added that Microsoft is developing a new approach to how it “protects, detects, and responds” to security threats, covering all endpoints from data centers and sensors through to SaaS applications. As opposed to the more closed computer systems of the past, he said, we’re now living in a “perimeter-less world” with cloud computing, bring-your-own-device policies at workplaces, and the Internet of things. “We live in a world where the attacks can come from anywhere,” he said. “The attack vectors can come from anywhere. Microsoft, whose software and operating systems run the vast majority of personal computers, has been working to bulk up cybersecurity features as it seeks to boost sales in cloud and productivity products. Key to this was not only finding ways to secure the key elements of the Microsoft ecosystem — Windows, Azure and Office 365 — but finding ways to secure the infrastructure, the personal mobile devices and the services a company uses, regardless of whether they were Microsoft’s or another vendors.
Microsoft says it already invests $1 billion in security research and development (R&D) each year, but the company is creating a new Cyber Defence Operations Center, which it is calling a “state-of-the-art facility” that will house “security response experts” to “protect, detect, and respond to threats in real time.” The new center will work around the clock, and Microsoft said the facility will have a direct pipeline to thousands of security specialists across the company and elsewhere, who will serve to thwart any security threat. No time frame was given for the center’s opening. “While there will always be new threats, new attacks and new technologies, companies can take action today to address security concerns and improve their security postures,” said Bret Arsenault, Microsoft’s chief information security officer, in a blog post. “It is critical for companies to strengthen their core security hygiene (across things like monitoring, antivirus, patch and operating systems), adopt modern platforms and comprehensive identity, security and management solutions, and leverage features offered within cloud services.” Microsoft has been investing heavily in cyber security in recent times. Nadella said the center would allow Microsoft to put resources in the field so that “cybersecurity specialists can proactively and reactively work with customers.”
While we once protected our environments within the four walls of the data center, today he rightly pointed out that is clearly not enough, not when we have devices and data moving through the world beyond the company’s purview — and soon sensors in every room in our personal and professional lives. This all feeds into Microsoft’s broader stated vision — Nadella announced back in June that creating “the intelligent cloud platform” would be one of three key investment areas moving forward. In fact, the company now runs one of the more sophisticated bug bounty programs in the industry, a system that pays rewards to third-party researchers who discover problems and work with the company to fix them. “Fifteen years ago, friends were receiving cease and desist letters from Microsoft [trying to silence independent security research].
Microsoft Corporation is a public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through … read more » Microsoft’s journey shows that companies can go from being highly combative with the larger security research community to highly collaborative, a shift that is good for both users and stockholders, Corman argued. It will take a concerted effort by industry, government, law enforcement, customers and consumers to make this happen and it’s not going to be about a single vendor finding a solution.
The products integrate with one another and “inter-operate” with other security providers as well, such as Barracuda Networks Inc. and Symantec Corp. “We don’t think of security as being a separate piece of technology,” Nadella said. “It has to be core to the operational systems that you use, where your data resides, where your most critical applications usage is.” The security platform includes more than 15 features designed to protect information and data across all devices and sensors, detect threats and attacks and help enterprises respond more quickly. And especially in the aftermath of Edward Snowden’s revelations about the extent of the government’s digital surveillance capabilities, companies like Facebook and Google have touted upgrades to their security infrastructure. Nadella also emphasized the importance of working with partners across the industry, noting that Microsoft internally uses third-party products to boost security. “The knowledge we gain is something we share broadly with industry and with the customers it’s going to take us all to come together to combat this,” he said. Earlier this month, Nadella announced that the company would start using German data centers next year, allowing German customer data to stay inside the country and making it potentially harder for U.S. intelligence agencies to access it due to strict German privacy laws.
There are so many high profile breaches from Target to Anthem to Sony to the US Office of Personnel Management (and thousands of others we never hear about) that prove we are clearly losing the battle. Last year, the company automatically rolled out strong forms of encryption that Apple itself is unable to unlock to iOS users — a feature that has put it at odds with some senior law enforcement and intelligence officials. While Microsoft pushed the idea of working together, as you would expect it’s still pushing its own agenda, and that involves selling Microsoft tools and services.
As Apple has positioned itself as a privacy leader under chief executive Tim Cook, it has also set itself up to compete in the lucrative enterprise market — a space long dominated by Microsoft’s Windows ecosystem. Nadella introduced the concept of the Security graph, a collection of interconnected data, that when analyzed should give you a broader picture of the security state within your organization.
Essentially, Microsoft’s plan is to use security as a marketing strategy. “It’s clear that you have to be seen as an honest broker to compete,” said Corman. “And talking about privacy and security is becoming a requirement for gaining public trust.” At TechCrunch, we regularly cover startups that are taking various approaches to solving the security problems we face on a consumer and business level. Other technology companies like IBM, EMC, HP, Google and many others are also working hard, and while Microsoft laid out a broad and comprehensive security vision, it can’t solve the word’s security problems on its own.