Welcome to the Cloud Wars Minute — your daily cloud news and commentary show. Each episode provides insights and perspectives around the “reimagination machine” that is the cloud.
In today’s Cloud Wars Minute, I discuss Microsoft’s evolving security culture and priorities, raising critical questions about the company’s commitment to enhancing cybersecurity amidst past failures.
Highlights
00:13 — One of the things that Microsoft is trying to change is its security culture, security capabilities, security reputation, and security. Six or seven months ago, it said, “We’re going to make security our number one priority.” You wonder what was the number one priority before that? But it’s been pretty silent for a number of months.
01:08 — It came out with a security update this past week, and I was excited to see what it had done. So I think any progress is good for Microsoft’s customers. It said repeatedly, I don’t know, 8, 10, 12 times in the blog post, in this progress report, “Security is our number one priority.” If Microsoft is now saying, “OK, security is our number one priority,” what was it before?
02:44 — Microsoft made a point about saying, “We’re going to change the culture of the company regarding security by ensuring that all of our top executives have a part of their compensation tied to how well we do with security.” Well, what is that percentage? And how are they measuring success?
AI Copilot Summit NA is an AI-first event to define the opportunities, impact, and outcomes possible with Microsoft Copilot for mid-market & enterprise companies. Register now to attend AI Copilot Summit in San Diego, CA from March 17-19, 2025.
03:10 — I’m not trying to pry into somebody’s personal details about compensation, but you know what? If this is a sliver of the total bonus they could make and still do very well based on revenue and other parts of what’s going on here, I think this is an empty promise. Also, in December of ’23, Microsoft hired a new chief information security officer.
03:53 — Their previous chief information security officer was in that job for 23 years. How did that chief information security officer last so long? Charlie Bell, the head of Microsoft’s security business. He’s been in that position for three years, and only one year ago did the company start to say, “Okay, we’re going to change everything top to bottom.”
05:15 — All the fluffy talk about “Security is our number one priority” is easy. Doing it is very difficult, and Microsoft needs to come up with a lot more proof points that demonstrate, in fact, that that newfound priority, that newfound excitement and focus on security, is making a difference. Stop saying it’s your number one priority; show what you’re doing.
