Microsoft: Security top priority in products, services and internally

In an internal memo and a blog post, Microsoft puts security first in all developments. This applies to both products and services.

By Nico Ernst
This article was originally published in German and has been automatically translated.

The "Secure Future Initiative" (SFI) announced by Microsoft in November 2023 is becoming more concrete. In the future, security is to be the top priority for all products, services and even the company's own operations. This can be seen in a memo to employees from CEO Satya Nadella and a detailed blog post from Head of Security Charlie Bell.

In this post, Bell lists three simple points, among others: "Secure by design", "Secure by default" and "Secure operations." Bell also explicitly links the latter to the attacks by the Russian actors "Midnight Blizzard", who have been infiltrating Microsoft's systems for months. Bell also refers to the recommendations of the US Cyber Safety Review Board (CSRB), which developed them after the theft of a master key for Microsoft's cloud services. The authority, founded by decree of US President Joe Biden, has been putting Microsoft under pressure for months.

According to Charlie Bell, his company intends to adhere strictly to the CSRB's guidelines. In addition, bonus payments for Microsoft's top management are to be linked to the achievement of security milestones. The focus on security will also play a role in future recruitment. Bell acknowledges that Microsoft "plays a central role in the world's digital ecosystem" and concludes: "We must and will do more."

In addition to such promises, Bell also makes concrete statements, especially on securing Microsoft's own systems and development environments. Login structures are to be improved, networks isolated from each other and the supply chains for software better controlled. A supply chain attack on the xz library for Linux recently came close to a worst-case incident for all digital infrastructure, although Bell does not explicitly mention this.

While Bell is primarily addressing the public, CEO Satya Nadella addresses the approximately 200,000 Microsoft employees in an internal memo: "Make security" is the key sentence, as The Verge quotes from the letter. When weighing up new functions or the continued support of outdated (legacy) systems, the decision should always go in this direction. Nadella also emphasizes that the company, which has come under increasing criticism, must finally take the needs of its customers seriously. Security is now "the top priority for everyone and the greatest need of our customers." Nadella had made a similar statement shortly before the latest quarterly results.

(nie)