Oct 17 2022

Microsoft Ignite 2022: Building Resilience Into Your Security Strategy

When discussing cybersecurity, it’s important to plan for a quick recovery that will minimize downtime.

Security is not a new priority for IT professionals or for C-suite executives. But as cyberattacks have increased in frequency, sophistication and severity in recent years, many organizations are becoming acutely aware of the need to protect their data, which can be a business’s most important asset.

In an ever-expanding threat landscape, cybersecurity must include not only a defensive stance but an offensive strategy as well. And part of that offense should involve backup and recovery, as well as careful planning around how to respond in the event of an attack.

“Cybersecurity is the top challenge that organizations are facing around the world. We’re all worried about it. And it starts with building great posture and great resilience,” said Vasu Jakkal, corporate vice president of Microsoft security, compliance, identity and privacy.

Jakkal spoke Wednesday as part of a panel discussion at Microsoft Ignite 2022 led by Seth Juarez, principal program manager for AI Platform at Microsoft.

What Is Cyber Hygiene and What Does It Mean to Cybersecurity?

As part of the panel discussion, Juarez welcomed Chris Wysopal, CTO of Veracode, to talk about cyber resilience. Juarez asked him about the combination of hygiene and security.

“We used to kind of call it best practices,” Wysopal said. “Like, the things that you just needed to do, the basics in security that you needed to do. And I think that that terminology just doesn’t really work, and cyber hygiene works much better.”

He explained that certain security tasks must be performed continuously, such as knowing your assets and scanning them for vulnerabilities. “That’s why the word hygiene works really well, because it’s that continuous, everyday type of process.”

Jakkal agreed, listing three aspects of good cyber hygiene. “Great hygiene starts with great awareness,” she said. “You need to understand what your cyber security looks like. What’s happening in the world outside? Second, you need to make sure you have foundational security elements that you’re building, like multifactor authentication. And then last, you need to make sure that you have end-to-end security, zero trust.”

How to Assess Your Overall Cyber Hygiene

Juarez turned the conversation toward security assessment, asking how an organization could assess its cyber preparedness. Wysopal responded that there are resources, such as the steps listed in the Center for Internet Security’s Critical Security Controls.

In addition to these foundational aspects, Wysopal also pointed out the importance of multifactor authentication and the need to implement it everywhere possible. “People are just starting to use these SaaS applications. They’re downloading, they’re using applications in the organization, and there needs to be a process to make sure that two-factor is enabled before you start using that application, or these things just creep in. And all of a sudden, you're missing things.”

Jakkal recommended Microsoft Secure Score for help with assessments. She mentioned that there are two ways of using Secure Score: in Microsoft 365, which Jakkal described as Microsoft’s extended detection and response posture management, and in the cloud through Azure Secure Score, which can help in understanding your organization’s cloud security. “We are multicloud and multiplatform, so our solutions protect across AWS and GCP and Android and iOS and Mac OS and Linux.”

Microsoft Announces Security Enhancements to Windows

In a related session at the event, Panos Panay, executive vice president and chief product officer at Microsoft, led a panel that included an overview of the new ways Microsoft is baking security into the design of its products and platforms. He highlighted the connection between data and AI, which has allowed the creation of new features.

Ramya Chitrakar, Microsoft’s vice president of engineering, expanded on the use of automation to enhance security at Microsoft. “It uses these machine learning models to proactively alert IT to anomalies,” she said. “We surface anomalies based on their severity, starting with those that impact end-user productivity the most.”

“Now, let’s take application regressions: We detect those on your Windows devices. And then, we harness the power of trillions of signals that we get from the Microsoft Cloud to mitigate the critical problems for end users,” she explained.

Chitrakar also spoke about Windows Autopatch, which can help relieve the burden of frequent security updates. “It’s an automated service built on top of Intune with an intent to stay current, with updates and patches for things like Windows and Office, Teams, Edge,” she said. “And it really improves your security posture by not skipping those key updates.”
