Microsoft’s point man on cybersecurity, Charlie Bell, acknowledges that the threat posed by “bad actors” online — including nation states and crime syndicates with their own HR departments — is rapidly rising.
“The threat is growing,” said Bell, who is Microsoft’s executive vice president for security, compliance, identity and management. “It’s amazing how organized the threat has become, and how big it’s become.”
But bit by bit, strategy by strategy, the response to the threat is becoming more organized as well, Bell said today at the GeekWire Summit. Although network security will always be a challenge, he has faith that the tide can be turned.
“We talk a lot about defense in depth,” Bell said. “It’s going to be continually layering the protection on and making the yield that somebody gets … smaller and smaller and smaller, so that you’ve got to break a lot more things before you get any value. And at some point, it becomes far more effort to break enough things to get enough value than it’s worth. And that’s when we know that we’ll fully turn the tide.”
It’s been a year since Bell came to Microsoft after ironing out a non-compete agreement with Amazon, where for years he was a top executive for Amazon Web Services. He now heads up a unit that has 10,000 people including existing and open positions, representing more than 5% of Microsoft’s nearly 200,000 employees.
Bell said he was surprised by the breadth of data that Microsoft can draw upon when it comes to cybersecurity.
“From the outside, I said, ‘Well, they have all of this stuff everywhere, and so they can see what attackers are doing, I’m sure.’ But once you get in deeply, like to watch what we’re doing with Ukraine, I thought, ‘Gosh, we could get in there and help in ways that see things going on,’” Bell said.
So, to paraphrase Lenin, what is to be done about cyberthreats?
One of the first steps in Bell’s recommendations for defense in depth is to turn on multifactor authentication, or MFA — the requirement to confirm sign-on with a second device such as a mobile phone.
Many organizations are falling short when it comes to MFA implementation. One survey has shown that only 22% of Microsoft’s Azure Active Directory users were using strong authentication as of last year. But Bell said that’s an area where Microsoft is trying to turn the tide.
“We’ve made MFA a default — it’s just [a question of] enforcing it,” he said.
Bell said Microsoft had to respect the way that businesses and customers operate today while continuing to prepare them for the cyberthreats they’ll face tomorrow.
“There’s just so much stuff that we’re putting into the products by default to protect people, but you have to be careful because you can’t break what everybody’s doing,” he said. “And that’s where a lot of this encouragement has to happen.”
Bell said moving the focus of computing to the cloud will also help counter the threat. That may sound like the sort of thing you’d expect to hear from a longtime AWS executive, but Bell said the cloud is where companies can best bring the power of artificial intelligence and big data to bear.
“We can have an asymmetric advantage ourselves,” he said. “The advantage, I think, is with cloud, because with cloud you get to see the posture and state of everything. You get to see all of the activity coming in, you get to see what’s normal. So you get a vast data set of what’s normal. And the thing about attackers is, they’ve got do something unusual in order to be able to do the wrong thing.”
Some industry observers have criticized Microsoft for making a multibillion-dollar business out of selling security software to plug vulnerabilities in the company’s other software products. But Bell said that there’s a balancing act between security and innovation. A financial services company, for example, requires more security — and less flexibility — than a startup that’s putting out a new breed of search app.
“Everybody gets to decide what the speed of innovation that they have is relative to the amount of stuff that they’re willing to put around it,” Bell said. “There’s a lot of complexity that comes with security. And of course, we’re doing a lot of things to try to eliminate all that. And that’s why we can keep leveling up.”
On other topics: