Microsoft wants to put “security above all else”

Security is “the priority above all else” at Microsoft, said its CEO, Satya Nadella. The Windows publisher has been the subject of fierce criticism from the US government, which is pushing the company to strengthen its infrastructure against cyberattacks.

Microsoft is under fire from the Cyber Safety Review Board (CSRB), an office attached to the Department of Homeland Security (DHS), the authority responsible for internal security in the United States. A report published in early April concluded that “Microsoft’s security culture was inadequate and required review”. In recent months, very serious breaches have been exploited by hackers, to the point that trust in Microsoft is shaken.

This is what pushes Microsoft to make security its “first priority”, as explained by Charlie Bell, the group's vice president in charge of the subject. We therefore understand that this was not the case until now! Last November, the company launched the Secure Future Initiative (SFI) to prepare for ever-increasing cyberattacks. But that’s clearly not enough.

“Microsoft occupies a central place in the global digital ecosystem, and with that comes a crucial responsibility to earn and maintain trust. We must and will do more”, explains the manager. This involves a series of measures:

  • Protect identities and secrets: Improve security around authentication systems using automatic key rotations and hardware protections.
  • Protect dedicated instances and isolate production systems: Strengthen the security of Microsoft instances and production environments by eliminating unused systems and strictly managing access.
  • Protect Networks: Secure and isolate Microsoft production networks, applying microsegmentation and improving monitoring to better defend against attacks.
  • Protect engineering systems: Strengthen the security of engineering systems and the software supply chain, secure access to source code and infrastructure.
  • Monitor and detect threats: Maintain proactive monitoring and automatic threat detection on production infrastructure, centralizing security logs to facilitate investigations.
  • Accelerate response times and remediation: Improve response to discovered vulnerabilities, accelerating mitigation and increasing transparency of corrective actions through the adoption of industry standards.

In a memo to his teams, Satya Nadella commits to integrating all of Microsoft’s activities into SFI and to implementing three main principles: “secure by design”, “secure by default” and “operational security”. This sounds a lot like the promise “Secure by design, secure by default” made in the early 2000s, which was obviously forgotten along the way.

The Microsoft boss concludes by explaining that if a group employee is faced with a choice between security and another priority, “the answer is clear: prioritize security”. In some cases, “this will mean placing security above other activities, such as launching new features or continuing support for outdated systems”. Will they dare?
