Learn Satya Nadella’s Microsoft memo on placing safety first

At present, I need to speak about one thing essential to our firm’s future: prioritizing safety above all else.

Microsoft runs on belief, and our success depends upon incomes and sustaining it. Now we have a singular alternative and duty to construct essentially the most safe and trusted platform that the world innovates upon.

The latest findings by the Division of Homeland Safety’s Cyber Security Evaluation Board (CSRB) concerning the Storm-0558 cyberattack, from summer time 2023, underscore the severity of the threats going through our firm and our prospects, in addition to our duty to defend in opposition to these more and more refined menace actors.

Final November, we launched our Safe Future Initiative (SFI) with this duty in thoughts, bringing collectively each a part of the corporate to advance cybersecurity safety throughout each new merchandise and legacy infrastructure. I’m happy with this initiative, and grateful for the work that has gone into implementing it. However we should and can do extra.

Going ahead, we’ll commit the whole thing of our group to SFI, as we double down on this initiative with an method grounded in three core rules:

• Safe by Design: Safety comes first when designing any services or products.

• Safe by Default: Safety protections are enabled and enforced by default, require no further effort, and should not non-compulsory.

• Safe Operations: Safety controls and monitoring will repeatedly be improved to satisfy present and future threats.

These rules will govern each aspect of our SFI pillars as we: Shield Identities and Secrets and techniques, Shield Tenants and Isolate Manufacturing Techniques, Shield Networks, Shield Engineering Techniques, Monitor and Detect Threats, and Speed up Response and Remediation. We’ve shared particular, company-wide actions every of those pillars will entail – together with these really helpful within the CSRB’s report which you’ll study right here. Throughout Microsoft, we’ll mobilize to implement and operationalize these requirements, tips, and necessities and this can be an added dimension of our hiring and rewards selections. As well as, we’ll instill accountability by basing a part of the compensation of the senior management staff on our progress in direction of assembly our safety plans and milestones.

We should method this problem with each technical and operational rigor, and with a concentrate on steady enchancment. Each process we tackle – from a line of code, to a buyer or accomplice course of – is a chance to assist bolster our personal safety and that of our whole ecosystem. This consists of studying from our adversaries and the rising sophistication of their capabilities, as we did with Midnight Blizzard. And studying from the trillions of distinctive indicators we’re consistently monitoring to strengthen our total posture. It additionally consists of stronger, extra structured collaboration throughout the private and non-private sector.

Safety is a staff sport, and accelerating SFI isn’t simply job primary for our safety groups — it’s everybody’s high precedence and our prospects’ biggest want.

For those who’re confronted with the tradeoff between safety and one other precedence, your reply is obvious: Do safety. In some instances, it will imply prioritizing safety above different issues we do, corresponding to releasing new options or offering ongoing help for legacy programs. That is key to advancing each our platform high quality and functionality such that we are able to defend the digital estates of our prospects and construct a safer world for all.

Satya