Given a chance to address a room full of government technologists at Microsoft Government Cloud Forum, chief executive Satya Nadella made is his focus clear from the start: “I’m going to talk about one of the the perhaps most pressing issues of our time, of our industry: cyber security.”
He likened security to a training regimen, and said that it was no longer about protecting endpoints, but building up an operational security posture that was ready for any threat, and integrating the security of devices, applications, and the cloud, with an ever-ready awareness of changing threat models.
And he offered solutions that Microsoft is working hard to roll out to as many people as possible, from using machine learning to detect and defang threats attacking Office 365 users in real time to killing off passwords in many day-to-day situations.
With high profile security lapses, including the disclosures by Edward Snowden and the Office of Personnel Management data breach, he was speaking with the right audience, and it was a perfect opportunity for Nadella to show how far Microsoft has come.
“Customers are not going to use this technology if they can’t trust it,” he said. “That’s why trust is central to our mission of empowering every organization and every person.”
He said Microsoft had made four strong commitments in its approach to security:
When it comes to privacy, we will ensure that your data is private and under your control. When it comes to compliance, we will manage your data in accordance with the law of the land. We will also be transparent about the collection of data and the usage of data. And lastly we will ensure that all your data is secure.
Microsoft General Manager Julia White then demonstrated how Microsoft intended to execute on those principals, offering a look at how Windows Hello could use biometrics to substitute passwords with a fingerprints, iris scans, or facial recognition.
“And just to be clear, this is not a front end, like on other devices, but a password replacement, which is a really big deal,” she said.
White also ran through security management improvements. Azure Security Center, for example, offers beefed up security options in almost every domain, from enforcing two-factor authentication with single sign-on for SaaS applications to a high-level overview of suspicious network across a company’s domain.
The demonstrations underlined one key point: That it’s not a fight between usability and security. Instead, usability was key to Microsoft's security vision, encouraging adoption while helping reduce the potential for accidental, yet often still catastrophic, data leakage.
“It’s a perimeterless world, it’s dynamic — and you’re under constant attack,” said Nadella. “It’s like going to the gym every morning. Every hour of the day you need to be prepared, so you must exercise this operational security posture at all times.”