Microsoft Is Partnering with Vendors and Customers to Elevate Security Efforts
“We operate over 200 global cloud consumer and commercial services. So, everything from outlook.com to Xbox Live to Office 365 to Azure. And with all of those services, we have a tremendous amount of surface area that we have to defend,” O’Keefe explained.
He stated that Microsoft has always believed in the importance of security, “but the push from COVID to remote work, the reliance on technology to run businesses and the consequences of getting it wrong have really pushed us to emerge as a security company — and probably more importantly, as a security platform.”
In early 2021, Microsoft announced that its security business exceeded $10 billion in revenue in 2020, but O’Keefe said, “the reality is we can’t do it alone. In addition to our commitment to providing best-in-class products, we focus on providing an open platform and we welcome security vendors to integrate and provide better visibility and protection to our joint customers.”
As part of that effort, the company established the Microsoft Intelligence Security Association to enable collaboration with leading security technology companies. O’Keefe said Microsoft launched MISA in April 2018 with 26 members, and the organization has grown to 136 members and counting as of July 2020.
The Future Holds Even More Security Challenges
O’Keefe pointed out some cyberthreats that have been consistent for a while but that may have accelerated or become more prominent in recent years. He mentioned Forrester’s report on the top security threats of 2021, where it’s noted that COVID-19 and the growth of digital interactions have resulted in an increase in identity theft and account takeover.
He also cited a separate report that said “nearly 60% of data breaches in the past two years can be traced back to a missing operating system patch or an application patch. In that same report, fewer than half of enterprises indicated that they could meet the best practice standard of hardening those systems within 72 hours of that notification.”
These security vulnerabilities become highlighted amid news stories about successful ransomware attacks, which O’Keefe described as effective and lucrative. Ransomware, he said, “is used as an attack that really targets the lifeblood of an organization, which is their data.”