In this Special Report, John Siefert, Wayne Sadin, and Bob Evans discuss the recent cybersecurity vulnerabilities in Microsoft’s cloud services exposed by a Cyber Safety Review Board report, and the implications for customers and the broader tech industry.
Ask Cloud Wars AI Agent about this analysis
Highlights
Microsoft’s Cybersecurity Challenge (01:06)
Late summer, several U.S. government officials visited China, and their systems were hacked. It was serious. In March of this year, a unit within the Department of Homeland Security, the Cyber Safety Review Board, issued a report about the incident. It said there were technology, process, commitment, and funding failures on Microsoft’s part and that there just wasn’t a level of urgency within the company to deal with this.
Bob was expecting for CEO Satya Nadella to address this on the recent earnings call. Nadella said nothing. It was about 10 days after that, on May 3, that both he and the executive VP Charlie Bell put out public communications explaining their plans, attempting in every way possible to say “Security is our top priority.” Can they win back confidence?
The Buck Stops at the CIO’s Office (06:33)
When you look at cloud service providers of the scale, Wayne points out “We can’t avoid them. If I don’t like Microsoft, what am I going to do? Am I going to switch my email? Am I going to switch my entire Windows infrastructure to Linux? ”
No matter what the cloud provider, telecom, or software company, the buck stops at the CIO’s office (or the CISO’s, if there’s a parallel reporting relationship). Microsoft didn’t detect the breach. The Department of State detected the breach. How did they do it? They were running Microsoft software that they bought from Microsoft. It turned on advanced monitoring that Microsoft could have turned on themselves. But the State Department turned it on and then looked for anomalies.
That’s a lesson for all of us. Don’t go to sleep, don’t rely on anybody, even if they’re a $3 trillion market leader, to protect your assets. Your assets are your problem as a CIO.
Ask Cloud Wars AI Agent about this analysis
Cybersecurity and AI (15:17)
Microsoft needs to move quickly, as Google Cloud has done with Mandiant. Get customers into the mindset of saying, “I’m going to get out in front of this problem, and I’m going to have better protection, not just remediate things once they happen, but get out in front.”
The report covered a rule that monitored not only how email was being accessed but also by what system. The rules said email should only be read by particular systems, no system living in China should be reading their email. The rule was called “Big Yellow Taxi.” It was a pattern to be looked for. What is AI really good at? It’s good at finding stuff. It’s good at matching patterns.
Because it was prioritizing new features and keeping up with the Googles and Amazons, Microsoft just wasn’t paying attention. One of the most interesting things in the memo was a quote from Bill Gates from a long time ago: “If you need to do something to make it secure, make it secure.” If that’s the corporate mindset, and you get the bonus for being secure, but late on a feature versus getting yelled at, that’ll change the culture.
Challenges and Innovations: Microsoft’s Journey Ahead (21:55)
Bob mentions that the rules might have been called Big Yellow Taxi due to the Joni Mitchell song with the pertinent lyrics, “You don’t know what you’ve got till it’s gone”
He thinks Satya Nadella is facing the biggest challenge of his 10-and-a-half-year stint as CEO. He’s already proven he can go out and compete and win against anybody in the marketplace. This is something different because he’s got to change the culture of a company that believes it is very successful and that it’s been doing things right.
Nadella will be judged by what happens over the next six to nine months in getting this into the mindset — the new mindset of Microsoft — as much as in his incredible first 10 years.
John says, to Bob’s point, these last 10 years under Nadella, his leadership for Microsoft has been pretty incredible. The company’s valuation is one thing, with shareholders being very happy But there’s also been a pace of innovation, especially over these last five years or so, that has been borderline frenetic.
The AI Ecosystem Q1 2024 Report compiles the innovations, funding, and products highlighted in AI Ecosystem Reports from the first quarter of 2024. Download now for perspectives on the companies, investments, innovations, and solutions shaping the future of AI.
