Microsoft’s CEO Nadella: Trust us, we spend $1bn on security R&D every year

Microsoft CEO Satya Nadella on Tuesday laid out why customers should trust it to ensure they're up and running in the face of cyber attacks from all directions.

Nadella on Tuesday outlined Microsoft’s security strategy to an audience of government employees in Washington DC, driving home the company's message about trust.

Trust, according to Nadella, will be critical as the world steps up the pace of opening network connections to consumers, suppliers, plant equipment, BYOD devices and the Internet of Things. On the one hand productivity gains won’t happen without increased connectivity, yet every new link can pose additional security threats.

“[Technology’s] become the core of not just the tech industry but every industry,” said Nadella, speaking at the Microsoft Government Cloud Forum.

“But companies are not going to use the technology unless they can trust it. And that’s why trust for us is central to our mission of empowering every person and organisation.”

“We live in a world where attacks can come from anywhere,” he said later, highlighting that the top eight breaches in 2015 led to 160 million compromised records. Meanwhile, borrowing from FireEye research, he noted the average time to detect an intrusion remained over 200 days.

“The attackers are more organised,” Nadella said. “You’re under constant attack. That’s the environment we have to deal with.”

“The cost of all of this in lost productivity and lost growth is estimated to be something like 3 trillion dollars,” he said.

Microsoft is taking a “very principled” approach to address these concerns, said Nadella, who pinned the company's strategy for trust on privacy, compliance, transparency and security.

Nadella said Microsoft was taking a “principled approach” and that includes managing its customers’ data in “accordance with the law of the land”.

That’s probably a nod to some of the issues surrounding last week’s announcement of two new data centres in Germany, where it has appointed Deutsche Telekom as its German “data trustee”, effectively making the new facilities off-limits to the US government.

While addressing European concerns about US surveillance, the German arrangement is also a sign of how Microsoft hopes to protect US citizens’ data from foreign government access. In defying a US warrant it’s been served for email stored in its Irish data centre, Microsoft has argued that Americans would be outraged if a non-US government issued a similar warrant for US customer data stored on US soil.

While Nadella at times sounded more like a security evangelist than a big-picture CEO, given the venue, he steered his talk at moments towards pitching Microsoft services, stressing that security is integral to Windows 10, Office 365, Azure, and Microsoft Enterprise Mobility Suite (EMS), rather than an add-on.

Nadella boasted Microsoft spends $1bn a year on security R&D, and that it runs “the world’s largest” anti-malware service through its Windows Defender program. Besides this, it facilitates 300 billion authentications each month and updates one billion devices every month with patches and compatibility -- a number it's previously used to take a stab at Google over Android security updates. And according to Nadella, security was part of Microsoft’s motivation for moving Windows and Office 365 to an ongoing subscription model.

Nadella also introduced the concept of the “security graph”, which offers it security insights based on big data it receives from end user devices, consumer services, commercial services and on-premise technologies.

To that end, Microsoft today also announced that its MDM software Microsoft Intune can now protect corporate apps on BYOD handsets that are not enrolled. This allows end-users to control their own devices while offering the IT department control over company IP.

This adds to a recent update that allows Intune to separate corporate data from personal data within the same app. So, Office mobile users can access their content from OneDrive consumer as well as OneDrive for Business.


Stories by Liam Tung
