After years of having a reputation as the most insecure commercial operating system producer, it appears that Microsoft is taking security more seriously than ever. The company invested $1 billion into security operations over the past year, and increased the number of security executives on its payroll by 100%. Taking a “holistic” approach, Redmond means business.
According to Microsoft Chief Information Security Officer Bret Arsenault, the first sentence of this article is inaccurate:
“We’ve always done a good job in caring about writing secure code and making secure services. We needed to do more to protect endpoints and get intelligence from the cloud … so we’re making investments in a number of areas.”
The statement was made in an exclusive interview for Dark Reading. Despite Arsenault’s claims, Microsoft’s operating systems have long had the largest attack surface, being installed, legitimately or as pirated copies, on tens of millions, if not billions, of PCs worldwide. In fairness, that has also long made them the largest target for end-user exploits.
The $1 billion includes acquisitions of security firms such as Secure Islands, Aorato, and Adallom. These acquisitions make up a significant portion of the figure, which also includes the salaries of new security executives.
Despite the acquisitions and renewed focus on creating secure environments at the consumer and enterprise level, Microsoft insists that it is not looking to disrupt firms which specialize in security. Arsenault told Dark Reading:
“We’re not a security company like Symantec or McAfee. We are providing end-to-end services for consumers through the enterprise in endpoint, hardware, software, and cloud services. […] We think of ourselves as a security company, but not in the traditional sense.”
Pushing the Envelope?
Windows 10 has seen one of the more interesting security developments of the decade, with Microsoft introducing a serious alternative to the archaic password system. Windows Hello utilizes biometric data such as face or fingerprint to authenticate users, rather than a password. No matter how they’ve been implemented and no matter by whom, passwords have always been vulnerable by their very nature. But imagine a network where all users were authenticated with something unalterable such as their fingerprints. That’s a game changer for security professionals.
General Manager of Identity and Security Operations Dustin Ingalls told Dark Reading that it’s been his life’s work to rid the world of inherently insecure password systems.
“My personal mission was to get rid of passwords. There’s nothing we can do today to [truly] secure passwords.”
Since the resurgence of Apple in the late 1990s and throughout the 2000s, followed by the rise of mobile devices and “cloud” operating systems, Microsoft has had to do some soul-searching in order to retain its core users: businesses. The onboarding of CEO Satya Nadella was an important move in this direction, and by all accounts the new chief is leading the company in a gainful direction, however unexpected some of its moves, such as attempting to load Android applications onto Windows, have been.