Microsoft’s New Security Memo
Microsoft is rolling out an array of major changes to its software engineering process aimed at improving the security of its widely used platforms, the company announced Thursday. In a pair of blog posts, top executives from the Redmond, Wash.-based tech giant outlined updates that are meant to enable its software to be secure by default while also improving key areas such as identity security and cloud vulnerability mitigation. The changes are a part of Microsoft’s newly announced Secure Future Initiative, the company said.
[Related: Microsoft Says 15,000 Partners Are Driving Its $20 Billion Security Business]
While the new initiative also aims to use AI in a bigger way to address evolving cyberthreats, the changes around Microsoft’s software engineering will potentially impact the company’s largest platforms including Azure, Windows and Office 365.
The changes come just a few months after a high-profile Microsoft cloud breach that impacted U.S. government email accounts, and prompted an inquiry into Microsoft’s security practices by U.S. Sen. Ron Wyden. Separately, industry executives including Tenable CEO Amit Yoran have recently accused Microsoft of responding slowly and inadequately to vulnerability disclosures. And federal cybersecurity officials such as CISA Director Jen Easterly have slammed Microsoft’s monthly “Patch Tuesday” software release, which typically reveals scores of vulnerabilities, saying it represents the opposite of a “secure by default” approach to software development.
‘New Standard For Security’
In one of the blog posts announcing the changes Thursday, Microsoft President Brad Smith wrote that its new initiative will “bring together every part of Microsoft to advance cybersecurity protection.” The initiative will set “a new standard for security” at Microsoft through evolving “the way we design, build, test, and operate our technology,” Smith said.
In the second post, Microsoft’s top security executive, Executive Vice President Charlie Bell, wrote that “a more secure future will require new advances in fundamental software engineering.”
Notably, Bell’s blog post references Bill Gates’ famous 2002 memo on “Trustworthy Computing,” in which Gates committed Microsoft to bringing a stronger focus on the security of its products. Bell included one of Gates’ lines from the memo: “If we don’t do this, people simply won’t be willing — or able — to take advantage of all the other great work we do.” For Microsoft, Bell wrote, that notion “still holds true over two decades later.”
What follows are five big Microsoft changes meant to improve its security.
28Shares
LEARN MORE: Cloud Security | Application and Platform Security | Cybersecurity
Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security. He can be reached at [email protected].
RELATED CONTENT
Infosys Probes ‘Cybersecurity Event’ At US UnitFortinet Stock Downgraded After Weakest Firewall Results Since IPOIllumio Hires Veteran Of Tanium, Palo Alto Networks As Channel ChiefPalo Alto Networks To Acquire Dig Security To Enable Cloud Data ShiftProofpoint To Acquire Email Security Company Tessian TO TOPADVERTISEMENT
TRENDING STORIES
- Fortinet Stock Price Plunges Amid ‘Slowdown’ In Firewall Sales | CRN
- Splunk Cuts 7 Percent Of Staff, ‘Not A Result’ Of Cisco Deal, CEO Says | CRN
- Amazon’s Reported $1B Spend On Microsoft 365 Shows ‘New Outlook’ On Cloud, Partner Says | CRN
- Microsoft Vs. Google Vs. AWS: Q3 2023 Cloud Earnings Face-Off | CRN
- Nutanix CEO On ‘Areas Of Concern’ In VMware-Broadcom Deal For Customers And Partners | CRN