Microsoft CEO takes a collaborative approach to cybersecurity
- 23 November, 2015 17:22
Satya Nadella will have you know that cybersecurity takes a village.
The Microsoft CEO took to the stage this week in the nation's capital to describe a new, collaborative approach the company is taking as it deals with an evolving set of digital threats targeting an increasingly distributed tangle of users, devices and systems.
Nadella positions the cyber challenge as the latest entry on a continuum of threats that have emerged with new methods of communication, recalling the emergence of mail fraud and wire fraud, and calling cyber "one of the most pressing issues of [our] time."
At the core of his message: we can't do this alone.
"We've always had attacks on trust," Nadella says. "Each time we've been faced with this we've come together collectively as individuals, companies, organizations and governments to respond to use the very technology to be able to respond to the challenge. And that's what we're doing with cybersecurity."
[ Related: How to crowdsource your way to better security ]
The company announced an array of security moves it is making to better protect users and systems at a time when the number of Internet-connected devices is soaring, including a new security posture framed around the three pillars of protection, detection and response.
Cyber Defense Operations Center
Nadella touted a soup-to-nuts approach to security that encompasses everything from sensor-enabled devices to data centers. In support of that effort, Microsoft is establishing a new facility it's calling the Cyber Defense Operations Center, which will be staffed around the clock with security experts from the company working to detect and respond to emerging threats in real time.
Microsoft says that that team will coordinate with thousands of security workers, engineers, developers and others throughout the company, in what Nadella promises will be a more proactive approach to fighting cyber threats.
"When it comes to detection, it's no longer, for example, waiting to detect a signature and then coming up with a response and then deploying the remediation," he says. "We now have moved to much more of a behavioral approach where we can detect based on the behavior of the attack vector."
Enterprise Security Group for customer-facing security
Microsoft is also rolling out a customer-facing security unit, dubbed the Enterprise Security Group and tasked with monitoring for threats, performing security assessments and offering incident-response support.
All of these efforts are undergirded by the extensive data collection and analysis Microsoft has been conducting across its wide-ranging product portfolio, including Office 365 and Azure in the enterprise space, and the Xbox platform on the consumer side.
"Microsoft's unique insights into the threat landscape, informed by trillions of signals from billions of sources, create an intelligent security graph that we use to inform how we protect all endpoints, better detect attacks and accelerate our response," Microsoft CISO Bret Arsenault writes in a company blog post.
That amplifies Nadella's message of a holistic approach to security as a new wave of devices come online with the developing Internet of things.
He spoke of Microsoft working within a much broader "ecosystem," coordinating with other firms like Cisco, Symantec and Kaspersky in an effort to forge security-driven partnerships
"We want to interoperate with all of the tools, we want to take advantage of what each of these partners bring so we can collectively secure our environment," he says.
Nadella describes the company's latest effort as a natural extension of Microsoft's Trustworthy Computing initiative, which grew out of the now-famous memo Bill Gates circulated nearly 14 years ago, which highlighted the mounting security challenges Windows customers were facing.
"We have made a tremendous amount of progress on it, but with this changing environment, it's no longer just about our code and the thereat modeling and the testing, but it is in fact about the operational security posture that we have in this constantly evolving environment, this constantly under-attack environment," Nadella says. "It's become the core of not just tech industry but the core of every industry. But customers are not going to use this technology if they can't trust it."