Microsoft Overhauls Cybersecurity Strategy, Prioritizes Protections Post-Government Critique
May 4, 2024
Microsoft's security chief, Charlie Bell, commits to prioritizing security over all other product features.
The decision is in response to a US government report criticizing Microsoft for inadequate cybersecurity measures.
The Cyber Safety Review Board report identified 'avoidable errors' that led to a significant APT attack.
Bell's strategy includes adding Deputy CISOs to each product team and linking executive compensation to security achievements.
Microsoft's Secure Future Initiative will be expanded to emphasize security upgrades and fix vulnerabilities in its engineering processes.
The company is adopting CSRB's recommendations, enhancing technical controls to minimize unauthorized access, and strengthening its overall infrastructure.
Upgrades include better protection of network and tenant environments, enhanced isolation, monitoring, inventory, and secure operations.
Microsoft is intensifying efforts to secure source code and engineering systems with Zero Trust and least-privilege access policies, emphasizing security as its foremost concern.
Summary based on 1 source
Get a daily email with more Tech stories
Source

SecurityWeek • May 3, 2024
Microsoft Overhauls Cybersecurity Strategy After Scathing CSRB Report