Welcome to Cloud Wars Minute — your daily podcast of cloud news and commentary. Each episode offers insights and perspectives on the “reimagining machine” that is the cloud.
In today's Cloud Wars Minute, I discuss Microsoft's evolving security culture and priorities, and raise critical questions about the company's commitment to strengthening cybersecurity in light of past failures.
Highlights
00:13 — One of the things that Microsoft is trying to change is its security culture, its security capabilities, its security reputation, security. Six or seven months ago, the company said, “We’re going to make security our top priority.” You wonder what the top priority was before that? But they were pretty quiet for months.
01:08 — Microsoft released a security update last week, and I was excited to see what they did. So I think any progress is good for Microsoft customers. The company has said repeatedly, I don't know, 8 or 10 or 12 times in the blog post, in this progress report, “Security is our number one priority.” If Microsoft is now saying, “Okay, security is our number one priority,” what were they saying before?
02:44 — Microsoft made a big point: “We’re going to change the culture around security by ensuring that all of our senior executives have a portion of their compensation tied to how well we’re doing on security.” Well, what is that percentage? And how do they measure success?
AI Copilot Summit NA is an AI-focused event to identify opportunities, impact, and outcomes enabled by Microsoft Copilot for mid-sized and large enterprises. Register now for AI Copilot Summit in San Diego, CA March 17-19, 2025.
03:10 — I'm not trying to pry into someone's personal details regarding compensation, but you know what? If this is a fraction of the total compensation that they can get and they're still doing very well based on revenue and other parts of what's going on here, I think that's an empty promise. Also, in December 2023, Microsoft hired a new chief information security officer.
03:53 — The previous CISO was in that job for 23 years. How did this CISO last that long? Charlie Bell, the head of Microsoft's security business. He was in that job for three years, and it was only a year ago that the company started saying, “Okay, we're going to change everything from top to bottom.”
05:15 — All this talk about “security is our number one priority” is easy. But doing it is very hard, and Microsoft needs to provide more evidence that this new priority, and the new enthusiasm and focus on security, is actually making a difference. Stop saying it’s your number one priority; show what you’re doing.
