The Schwartz Report

Blog archive

Satya Nadella Lays Out Microsoft's Security Roadmap

Microsoft CEO Satya Nadella today gave a holistic view of the company's focus on security and revealed it is building an intelligent operational security graph. Emanating from its Cyber Defense Operations Center in Redmond, this graph is a framework that allows for the sharing of real-time intelligence gathered and shared across every Microsoft offering ranging from sensors, Xbox and Windows devices to the datacenter and public cloud. Nadella said Microsoft is sharing the graph with a new ecosystem of partners and also revealed the company is investing $1 billion in R&D to build security into Windows, Azure and Office 365.

Nadella addressed an audience of federal IT security pros in Washington, DC at the Government Cloud Forum  (a replay is available on demand), where he spelled out the new intelligent security graph. Nadella described it in the context of reporting on the progress Microsoft has made in addressing the threat landscape of 2015 and beyond.

Nadella spoke of the numerous new security features in Windows, Office 365 and its public cloud Azure with the release of the Azure Security Center but also spoke of the huge escalation in breaches this year. "2015 has been a tough year around cyber security," Nadella said. "Just the top eight or so data breaches have led to 160 million data records to being compromised." But Nadella also emphasized the fact that it takes an average of 229 days for an organization to detect an intrusion and, suggesting that the graph will help reduce the time it takes to discover and respond to threats.

Time will tell but today's speech could be remembered as Microsoft's Trustworthy Initiative 2.0. While Nadella didn't describe it as such, he referred to the original Trustworthy Computing Initiative by Bill Gates, the company's founder and first CEO, and suggested Microsoft is now taking that from the focus from software development to operations.

"Fourteen years ago, Bill Gates wrote about Trustworthy Computing as a priority for Microsoft, and we have made tremendous amount of progress on it but with this changing environment, which is no longer just about our code, and the threat modeling and the testing but it is in fact about the operational security posture that we have in this constantly evolving environment, this constantly under attack," Nadella said. "The operational security posture to me is where it all starts."

At the center of that graph that enables Microsoft's new operational security posture is Microsoft's Cyber Defense Operations Center, located on the Redmond campus, which I had the opportunity to recently visit. It is a war room that rivals few others in the world that Microsoft uses to detect threats in advance, and share the information with all of its related product and service groups as well as its partners.

"We don't have silos, we actually have people who are able to in real-time connect the dots between what's happening across all of these services," Nadella said "That operations center, and the output of the operations center, is this intelligence graph that is being used in turn by our products to create security in the products themselves, and we share that intelligence broadly with our customers [and] with our partners."

Among some of the partners that Microsoft has tapped to integrate their security offerings with Microsoft's Azure Security Center are firewall suppliers Barracuda, Trend Micro, Cisco, Fortinet and Checkpoint. Also revealed were partners whose wares will integrate with the Microsoft Enterprise Mobility Suite's Intune service. The integration will let those partners utilize the policy, security settings and data protection capabilities of Intune. Among them are Adobe, Acronis, Box, Citrix, Foxit and SAP.

"Box for EMM with Intune for is the only way that customers can fully manage and secure Office files on mobile devices," explained Chris Yeh, Box senior VP for product and platform, in a blog post. "With the offering, users can determine which applications interact with Box and access corporate content, and implement additional controls and policies on Box and other managed applications."

Nadella also took time to spel out the new levels of security Microsoft has introduced across the board over the past year. It included some demos from Julia White, Microsoft's general manager for Office 365.

In describing the new intelligent security graph and the move to bring it into operation, Nadella has put forward his own Trustworthy Computing Initiative.

Posted by Jeffrey Schwartz on 11/17/2015 at 12:41 PM


comments powered by Disqus

Subscribe on YouTube