Microsoft is re positioning its security business around the industry and launching a host of new solutions around what it calls an “operational security posture,” according to CEO Satya Nadella, who said security is the “most pressing issue of our time.”
The security challenge is bigger than ever, Nadella said on stage Tuesday at the Microsoft Government Cloud Forum in Washington, D.C. As there has been a continuing stream of massive data breaches, together with growing attacker sophistication and a more connected world that is expanding the surface for attack, Nadella said, Microsoft has a responsibility to help its customers and partners secure themselves against this challenge in order to stay true to its mission.
“Microsoft’s mission is to empower every person and organization on the planet to achieve more — [that] is what drives all of our technology innovation agenda, how we interact with our customers and partner with our ecosystem,” Nadella said. “Trust is at the core of this.”
[Related: Inside The Microsoft Chairman’s Struggling Startup: Is John Thompson Spread Too Thin?]
To build that trust through security, Nadella said, Microsoft will pursue four pillars: privacy to ensure data is private and under control; compliance to make sure data is in accordance with the law; transparency around data collection and usage; and data security.
Those pillars will drive what Nadella called an “operational security posture,” whereby instead of focusing on the perimeter, organizations build a more proactive and comprehensive security practice. Nadella compared the new posture to going to the gym, where a daily exercise routine helps prepare your body to be healthy all day long. In security, Nadella said, that translates to protection beyond the endpoint to secure applications, cloud services, sensors, data centers and more, as well as extending detection to behavior-based analytic to protect against unknown threats and providing response in an “as-a-service” format.
To execute on this, Nadella said, Microsoft will be building out a comprehensive platform that will extend from protection to detection to response, tying in threat intelligence to allow for a more proactive approach, and forming partnerships with other vendors in the IT industry.
Robert Keblusek, senior vice president of business development at Sentinel Technologies, a Downers Grove, Ill.-based Microsoft partner, said Microsoft’s pushing more into establishing itself as a security giant makes a lot of sense because of its strong presence on the endpoint. Keblusek said that he looks forward to seeing what the vendor will do around behavioral analytic as well as forming relationships with other vendors, such as Cisco, to expand its security footprint.
“We really need these vendors to tighten things up. We’re pretty dependent on them bringing forward good code and security solutions that we can offer our customers in a better package and nicely consumable way,” Keblusek said.
The first examples of this push were evident Tuesday, as Microsoft introduced a series of new security solutions and services. Nadella said Microsoft is investing more than $1 billion in R&D every year to help build security into its mainstream products. Some of those investments already in place were demonstrated on stage, including Windows 10’s Microsoft Passport and Windows Hello, Enterprise Mobility Suite (EMS), Windows 10 Device Guard, Advanced Threat Analytic and the Azure Security Center.
The company also launched a new facility to bring together security professionals for 24/7 monitoring and response, called the Cyber Defense Operations Center. Microsoft also launched the Microsoft Enterprise Cyber security Group, a collection of security experts to provide assessments, monitoring, implementation, incident response and more around data and cloud security.
Microsoft also unveiled a new Enterprise Mobility Suite (EMS) for mobile application management and providing the ability to control applications and data across any device. It also revealed partnerships with Box, Adobe and SAP for data loss prevention and mobile app management. Finally, Microsoft said, starting Dec. 1, a solution called Customer Lock box will give customers full control over data in Office 365 and Equivio Analytic for e Discovery.
David Felton, owner of Nor walk, Conn.-based Microsoft partner Canaan Technology, said the new additions seem logical for Microsoft, as many focus on areas such as the cloud and the device, where the company already has a strong presence.
“To me, it just seems like an obvious thing that Microsoft would be doing,” Felton said. “As more and more people move to the cloud, I would expect that they would [ramp up security there, for example].”
While the move seems like a natural, Felton said, Microsoft still likely faces an uphill battle when it comes to security, as the vendor historically has not had the strongest reputation for security around its operating system. The new announcements may help to overcome some of that reputation, however, as the conversation is brought out from the back room engineers to the customers in the front room, Felton said.