Compromise between security and other priorities? Nadella replied

Washington: Microsoft security changes: Microsoft is making changes to its security procedures after a series of high-profile attacks in recent years. Security is now Microsoft’s “top priority”, the company recently underlined in response to ongoing questions about its security practices and the US Cybersecurity Review Board deeming Microsoft’s security culture “inadequate”.Microsoft CEO Satya Nadella is now making it clear to every employee that safety should be given priority above everything else. According to a report by The Verge, Nadella, in a memo to Microsoft’s more than 200,000 employees, discussed the new security overhaul and explained how the company is learning from attackers to improve its security processes. Nadella also makes it abundantly clear that employees should not compromise security: Nadella: If you’re faced with a conflict between security and another priority, your answer is clear: do security.

In some cases, this will mean prioritizing security above other work we do, such as releasing new features or providing ongoing support for legacy systems. This is key to advancing both the quality and capability of our platforms so we can protect our customers’ digital assets and build a safer world for all. Nadella wants Microsoft employees to take on the challenge of sweeping changes in security. Approach “with both technical and operational rigor”, even viewing each line of code as an opportunity to improve Microsoft’s security. “This is everyone’s top priority and our customers’ biggest need,” says Nadella. Interestingly, Nadella also mentioned prioritizing security over support for legacy systems. Microsoft has a long history of supporting its software products for years beyond the standard, sometimes even extending to decades of support or compatibility. Nadella gave a small hint here that the company may need to change this approach to secure a future.

Microsoft has faced many security problems in recent years. Chinese government hackers targeted Microsoft Exchange Server with a zero-day exploit in early 2021, enabling them to access email accounts and install malware on servers hosted by businesses. Last year, Chinese hackers broke into US government emails through Microsoft Cloud. Recently, the same Russian state-sponsored hackers who were behind the SolarWinds incident, known as Nobelium or Midnight Blizzard, were able to spy on the email accounts of some members of Microsoft’s senior leadership team last year and this Were also able to steal the source code at the beginning of the year.