Microsoft's Nadella: Creating Trust at the CoreMicrosoft's Nadella: Creating Trust at the Core
In a keynote address, CEO Satya Nadella and Cloud Platform GM Julie White share the strategy and products comprising Microsoft's operational security posture.
November 17, 2015
In a keynote address, CEO Satya Nadella and Cloud Platform GM Julie White share the strategy and products comprising Microsoft's operational security posture.
As Microsoft asks you to embrace mobility and to consider hybrid environments or all-out cloud platform and application service options for enterprise communications and collaboration, CEO Satya Nadella makes what some would consider a big ask: "Trust us."
Delivering this morning's keynote address at the Microsoft Government Cloud Forum in Washington, D.C., Nadella spoke of the importance of digital technology "in every walk of life and in every sector of the economy," and promised that the company is deserving of your confidence in its ability to deliver digital technology securely and keep your data safe.
"Our mission to empower every person and every organization on the planet to achieve more is what drives ... everything that we do, and trust is at the core of this, Nadella said.
Microsoft's commitment to achieving trustworthiness encompasses privacy, compliance, transparency of collected data and its use, and security of all that data. Given that Microsoft runs some of the world's biggest consumer and business services, it has unique perspective on attack vectors and optimal responses to them, Nadella said. For example, it handles more than 300 billion user authentications and inspects more than 200 billion emails monthly as part of Office 365 service for spam and malware, he noted.
This is no longer about code, but about operational security posture. "This framework of protect, detect, and respond has been there with us for many years. What is new is that posture," said Nadella, adding that Microsoft's security reach is no longer just about the computing endpoints but about those plus the applications, the cloud services, the sensors used in the Internet of Things, the HVAC systems, and the data center environment.
The sea change is the response, which includes knowledge sharing with customers and partners, Nadella added. "We're using the transformation of an as-a-service base, even with Windows ... [and] Office 365. It's not only just about giving you the tools, but about actually ensuring security of your data, of your tenant, in the service."
Microsoft has a three-pronged approach, he said. First is to build a comprehensive security platform that lets companies establish a running loop from protection to detection to response. Second is to complement that with an intelligence fabric and operational security posture, plus a set of proactive and reactive services, to help secure environments on an ongoing basis. Third is to partner broadly with the IT industry. "We know we don't live in isolation. You all have heterogeneous environments, and we need to operate within it."
During the keynote, Julia White, GM for Microsoft's cloud platform, shared details and demos of Microsoft's new security capabilities and programs. Bret Arsenault, CISO, also shared the news today in an official Microsoft blog post, "Enterprise security for our mobile-first, cloud-first world." Among the organizational highlights is the creation of what the company calls a state-of-the-art, 24x7 Cyber Defense Operations Center as well as an Enterprise Cybersecurity Group (ESG) charged with helping organizations modernize their IT platforms and securely move to the cloud. Among its services, ESG will offer security assessments, monitoring and threat detection, and incident response, Arsenault wrote.
As for product highlights, White showcased a number of new capabilities. A sampling includes:
In addition, White showcased a host of capabilities available as part of the Enterprise Mobility Suite (EMS) to help mobile-first enterprises protect themselves against data loss. For example, organizations no longer need to enroll employees' personal devices for mobile application management; the Microsoft Intune mobile device and app management software will apply to them as well. Also regarding mobile app management, Adobe, Box, and SAP now support Intune, White said.
Advanced Threat Analytics also took center stage, with White demonstrating the ability to make recommendations on how to detect behavioral patterns that signal attacks and make recommendations on how to remediate the security situation. And by the way, she added, this doesn't just work from an Azure and cloud perspective. But most of Microsoft's customers are running in hybrid configurations, with infrastructure on premises, in private clouds, or in public clouds, be that Azure or, say, Amazon Web Services. "And you want to have that same security view across your entire enterprise estate."
By tapping into the intelligent security graph -- comprised of billions of signals from end points, cloud applications and partners' services -- Azure Security Center offers advanced, analytics-driven, threat detection that helps organizations prevent, detect, and respond to security threats in real time.
That's where Microsoft's new Operations Management Suite comes into play, she said. It collects data from across private and cloud environments, and brings it together to "search, correlate, and visualize this massive amount of data so you can detect security attacks across your entire estate, from cloud to on premises as well."
Gaining your trust comes with a hefty price tag -- to the tune of more than $1 billion. That's how much Microsoft spends annually on security R&D, Nadella said. "We don't think of security being a separate piece of technology. It has to be core to the operational systems that you use, where your data resides, where your most critical applications usage is."
Follow Beth Schultz and No Jitter on Twitter and Google+!
@nojitter @Beth_Schultz
Beth Schultz on Google+
