satya nadella

Microsoft invests more than $1 billion annually to secure its products.

During his keynote speech at the Microsoft Government Cloud Forum in Washington D.C. this morning, Microsoft CEO Satya Nadella described his company's approach as a “security posture” rather than a security strategy.

Posture, he went on to explain, means more than just thinking about security. It means building all Microsoft's products with security at its core.

New Groups, New Security

Nadella continued by announcing the establishment of a Cyber Defense Operations Center that will integrate all of Microsoft’s security offerings as well as pull them into all its products and platforms. 

He also announced the creation of the Microsoft Enterprise Cybersecurity Group (ECG), which  will consist of security experts worldwide who will bring security solutions, expertise and services to the enterprise.

The new "posture," combined with additional managed services, are a response to a security threat that comes from ever increasing connectivity. “We live in a world where the attacks can come from anywhere. The attackers themselves are much more sophisticated,” he said.

The challenges include:

  • The volume and variety of connected devices
  • Increasing use of Software-as-a-Service for mission critical applications like CRM and ERP
  • Bring-Your-Own-Device strategies in the enterprise
  • The Internet-of-Things and the number of information-producing sensors

“There is an immense opportunity for enterprises and individuals to derive personal and professional value from today’s connected technologies. There is a corresponding growth in risk as people increase their exposure to cyber security threats,” Nadella said.

“While security has always been a focus for Microsoft, we recognize that the digital world in which we live requires a new approach to how we protect, detect and respond to security threats.”

Using information gleaned from Microsoft’s platforms and services, the team of security professionals, data analysts, engineers, developers, program managers and operations specialist will respond by:

  1. Analyzing threats and building data protection into the Microsoft portfolio
  2. Work with Microsoft customers to strengthen security infrastructure with the help of the new Microsoft ECG

Recent Enhancements

Julia White, General Manager at Microsoft, joined Nadella on stage this morning to talk about how Microsoft is building its new security ‘posture’. Among those developments are:

  • Windows 10’s Microsoft Passport and Windows Hello: Uses biometrics to eliminate the need for passwords and Credential Guard protects from pass the hash attacks – where hackers use one account to gain access to the credentials of another user
  • Enterprise Mobility Suite (EMS): provides features that help IT protect and manage corporate applications and data on any Windows, iOS and Android device
  • Windows 10 Device Guard: Uses combination of hardware and software features to prevent the installation of untrusted or malicious code
  • Advanced Threat Analytics: Speeds up enterprise response by detecting anomalous patterns and recommends configuration changes to protect you from current and future attacks

Nadella also pointed out that Microsoft recognizes it's not the only vendor in the enterprise. “We know we don’t live in isolation. You have a heterogeneous environment and we need to operate within it,” he said.

Microsoft has been building up its security capacities over the past couple of years though the development and acquisition of new technologies.

This year alone it has bought three Israeli-based security firms including Active Directory security firm Aorato, cloud security firm Adallom and most recently, data and file protection firm Secure Islands.