Initiative for more IT security: Microsoft draws first conclusions
In a report, Microsoft explains how it is progressing with the Secure Future Initiative. Several measures are to prevent cyber attacks, among other things.
(Image: FON's Fasai/Shutterstock.com)
Microsoft launched the Secure Future Initiative (SFI) at the end of 2023 to prevent or contain IT security incidents in advance and to be able to respond efficiently after an attack. The company has now published a report outlining, among other things, the measures it has taken so far and the impact this has had.
The basis
In an article, Charlie Bell, Executive Vice President Microsoft Security, explains that they have now expanded the basis of the SFI to six pillars. At the start of the initiative in November 2023, there was still talk of three pillars. These now include the following points:
- Protecting identities and secrets
- Protect customers and isolate production systems
- Protect networks
- Protect technical systems
- Monitor and detect threats
- Accelerate response and remediation
To ensure this, 34,000 engineers have now been assigned full-time to this task. In addition, several newly appointed Chief Information Security Officers (CISOs) are to ensure compliance with IT security regulations. Maintaining IT security is now to play a role in the performance appraisal of employees. A newly established academy is intended to broaden employees' understanding of security.
The progress
Bell explains that Microsoft has had various successes in all six pillars since the SFI was launched. For example, they have uninstalled 730,000 apps on production systems in order to reduce the attack surface.
In addition, networks were further shielded from each other in order to limit the spread of attackers (lateral movement) after successful attacks. According to Bell, access keys now expire after seven days to prevent misuse. In addition, SSH access to internal repositories has been removed. Microsoft also explains other aspects in the report.
(des)
