By: Craig Kennedy
Microsoft Secure Future Initiative–3 Pillars of Cybersecurity
Earlier today, Brad Smith, Microsoft Vice Chair and President introduced the Secure Future Initiative, Microsoft’s latest steps for advancing cybersecurity protection for all of their users.
Microsoft Azure—A Target Rich Environment
Microsoft Azure has been the target of many high-profile cyberattacks over the years, not surprising as many large corporations and government entities run on Azure for their office and other technology workloads. This is a very attractive target for cybercriminals.
In one of the more recent attacks, a China-based threat actor was able to breach 25 government organizations in the United States and Western Europe running in Azure, and exfiltrating sensitive emails and other documents.
Three Pillars of the Initiative
Microsoft is focusing on three engineering advancements specifically focused on combating the increasing sophistication of security threats.
The goal is to create a comprehensive security infrastructure to protect users from the cyberthreats that exist today as well as more sophisticated and advanced threats expected to be utilized in the future.
First Pillar—Transforming Software Development with Automation and AI
Microsoft is enhancing its Security Development Lifecycle (SDL) to “dynamic SDL” (dSDL) by embracing continuous integration and continuous delivery (CI/CD) and incorporating CodeQL within the pipeline. This will be applied to the development and deployment of all Microsoft commercial software offerings.
Microsoft will also ramp up the defaults for multi-factor authentication (MFA) for Azure tenants to increase the baseline security configuration and enable Microsoft to add future capabilities in response to emerging security threats.
Second Pillar—Implement New Identity Protection and Access Rights
Microsoft will enforce the use of standard identity libraries across the entire Microsoft ecosystem, implementing advanced identity defenses like token binding, continuous access evaluation, advanced application attack detections, and additional identity logging support. Microsoft will make these libraries with advanced security capabilities freely available to non-Microsoft application developers.
Microsoft will also be moving to a more secure key management infrastructure with a hardened Azure hardware security module (HSM) and an automated high-frequency key rotation process without any human involvement.
Third Pillar—Driving Faster Vulnerability Response
Microsoft is planning on reducing the time to mitigate cloud security vulnerabilities by 50% by employing automation monitoring, and AI-driven tools and processes. Microsoft committed to transparency around all security incidents and challenged all major cloud providers to follow suit as well.
Bottom Line
Based on the historic attacks on Microsoft Azure tenants, this is a welcome response and should help secure the Microsoft cloud infrastructure with its many users. It’s somewhat surprising that Microsoft wasn’t embracing the first pillar of this initiative already.
Forward thinking software development companies have embraced CI/CD pipelines and driving security upstream in the process for years.
See the Future of Unified Communications and Collaboration with CEO and Lead Analyst Jim Lundy!
Airing LIVE on Thursday, November 16th at 10 AM PT | 1 PM ET
The Future of Communications and Collaboration
The second largest market in enterprise software is Communications and Collaboration. With a growing focus on AI and on enabling users to do video, voice or messaging based interactions, Communications and Collaboration is poised for the most change as Video becomes pervasive and messaging takes over from email.
Join Aragon Research’s Founder and CEO, Jim Lundy, on Thursday, November 16th, 2023 as he talks about what the future of UC&C looks like.
Key issues being covered include:
- What are the trends driving the evolution of Communications and Collaboration?
- How will AI and CoPilots make communication and collaboration more efficient?
- How can enterprises stay ahead of and take advantage of all of the innovation that is coming from Providers?
